On Friday, May 3, we saw the news that Satya Nadella issued a memo to all employees, emphasizing that security must come before any other priority, including new features or legacy system support. Part of the message here is that security is no longer the job of only the Security team, but it’s everyone’s job. Microsoft is revamping its security protocols following a series of high-profile cyberattacks.
Finally! A top-down directive to put security first. From the CEO. The business world needs to take note. If we are ever to move the needle on security awareness and culture, this is the only way. Thank you, Mr. Nadella, for showing us the way. Some might write this off as a marketing move. But, this would be a savvy marketing move for any company in any industry. Not just a tech giant like Microsoft.
Some of the key aspects of Satya’s directive:
- Security is Job One: Security is now the company’s highest priority.
- Secure Future Initiative: The initiative focuses on advancing cybersecurity across new and existing products, guided by principles of being secure by design, default, and through continuous operational improvements.
- Response to Cyber Threats: The changes are in response to sophisticated cyber threats, including attacks by Chinese and Russian hackers on Microsoft’s systems in recent years.
It takes a lot of effort to steer such a big ship as Microsoft in even a slightly different direction. Of course that new direction can only come from the top. As the ancient Chinese writer, Laozi, famously quoted, “a thousand-mile journey begins where one stands.” This single step might help nudge Microsoft towards a more security-minded culture. To build security into all products and processes at a grassroots level. Perhaps it will even stir all IT-beholden enterprises in the same direction? This is the transformative voyage we, at OutThink, have charted for countless companies, and we stand ready to embark alongside Microsoft on this daring expedition towards a safer tomorrow.