![]() “I don't view security as fundamentally any different than, say, reliability or availability. Everything we used to do we've had to transform in this new world, where a lot of the security things we want engineers to adopt, we've operationalized, built into our engineering systems.” ![]() Cloud means we're continuously updating our products and changing our products. ![]() ![]() “What has changed in the last 10‑odd years is that we've moved to the cloud. “We've been building security into products for a very long time at Microsoft,” says Shah. Customers of these products and services expect them to be exceptionally secure. In the first three months of 2019, Microsoft claims its commercial cloud business (including Azure, Office 365 and Dynamics 365) grew by 41% with $9.6 billion in sales. Windows 10 has 39% of the worldwide marketshare for desktop operating systems. It’s estimated that more than a billion people use Windows on their desktops alone.Īs those products have moved to the cloud, the stakes around security are now higher. Microsoft’s historical dominance on the desktop and networks has made it a target for hackers, so making its products secure has long been a priority. It requires buy-in from both groups, ongoing training, effective communication and, importantly, a strong endorsement from executive management.ĬSO recently spoke with Bret Arsenault, Microsoft’s CISO, and Bharat Shah, vice-president for security engineering in Microsoft’s cloud and AI division, about how the company’s developers and security professionals collaborate to build security into its tools and products. Executing that approach is not so simple. Microsoft’s approach is simple and is based on good, consistent training and communication. ![]() Why can’t there be one set of shared goals for both teams? Software giant Microsoft believes it has achieved a common purpose between its development and security operations, and that this shared purpose has resulted in better security for both its internal and commercial software and services. Security sees themselves working to fix vulnerabilities that developers create, while to developers security is a series of speed bumps that keep them from reaching their milestones on schedule. How would you describe the relationship between your organization’s security and development teams? Chances are, you’d use words like “tense” or “distrustful.” That’s because the two groups often feel they are working at cross-purposes and getting in each other’s way. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2022
Categories |