Microsoft Looks to Transform Security into a Service

Slide Show

8 Web App Security Best Practices to Fight Off Bot Intrusions

Looking to address what Microsoft CEO Satya Nadella describes as the most pressing issue of our time, Microsoft this week launched a flurry of security offerings intended to turn security into a set of continuously delivered services.

Speaking at a Microsoft Government Cloud Forum, Nadella says that in much the same way that Microsoft now manages Windows 10 as a service, everything from behavioral analytics of attacks to remediation will soon become a set of common services spanning the desktop, server and Microsoft cloud offerings.

To that end, Microsoft announced the formation of a Microsoft Enterprise Cybersecurity Group made up of security professionals that will work with a new Cyber Defense Operations Center that Microsoft is setting up to detect threats in real time using what Nadella describes as an intelligent fabric that Microsoft will continue to expand and invest in over time.

In addition, Microsoft is extending the capabilities of its Enterprise Mobility Suite (EMS) support for Windows, Apple iOS and Google Android applications and devices without requiring organizations to enroll those devices and applications, while at the same time giving organizations more control over access to their data stored in Office 365 and Equivio Analytics for eDiscovery.

Finally, Microsoft announced that Box and Adobe will offer new Microsoft Intune native apps on iOS and Android to help prevent sharing of confidential corporate data to personal locations or cloud services, and that organizations that build applications using the SAP Fiori framework will be able to invoke Microsoft Intune as well.

Coupled with a set of existing security-as-a-service offerings from Microsoft and the recent acquisitions of Secure Islands, a provider of data protection software, and Adallom, a provider of access control software for cloud services, Microsoft is clearly making the ability to identify threats using advanced analytics not only a much higher priority, but also providing updates that promise to prevent those threats from infecting IT environments at a massive scale.

It may be impossible to prevent every threat from infecting any given system. But there’s no reason that threat should not be identified much faster than it is today or, just as importantly, prevented from infecting scores of additional systems simply because nobody knows it’s there in the first place. Given that Microsoft is often at the front line of where those attacks are launched, anything that Microsoft does to mitigate those threats is both welcome and admittedly long overdue.