Microsoft is doubling down on efforts to rebuild its relationship with the federal government by rolling out an enhanced internal cybersecurity strategy. This move comes in response to significant pushback from lawmakers and federal offices following a major hack by China last summer that exposed the internal emails of top officials.
Why It Matters
The breach has put Microsoft in the hot seat, prompting a need for swift action to reassure federal agencies of their commitment to cybersecurity. Steve Faehl, Chief Technology Officer for Microsoft’s federal security business, revealed that the company is actively briefing federal IT and security leaders on its revamped cybersecurity practices.
Zoom In
Faehl has been meeting with security teams from various federal agencies to outline Microsoft's new cybersecurity strategy. This strategy is an extension of the Secure Future Initiative launched last November, which incentivizes Microsoft executives and employees to prioritize cybersecurity in product design. Key meetings have involved Chief Information Officers (CIOs), Chief Information Security Officers (CISOs), threat intelligence teams, and directors of security operations centers.
Driving the News
Next month, Microsoft President Brad Smith will testify before the House Homeland Security Committee regarding the new strategy and the implications of last summer’s China hack. A government advisory board has criticized the hack as "preventable," highlighting the need for improved security measures.
Inside the Room
Faehl emphasized that federal agencies are particularly concerned about the authenticity and effectiveness of Microsoft's new initiatives. To address these concerns, Microsoft showcases completed goals and ongoing projects as evidence of its serious commitment to cybersecurity.
What They're Saying
“They understand that the norms have changed and that things are different and that Microsoft is mounting a significant security effort,” Faehl said about the federal agency meetings. He added that federal leaders are seeking certainty and clarity about these efforts, which has been the focus of most conversations.
The Big Picture
Microsoft faces stiff competition from tech giants like Google, which recently released a white paper and blog post criticizing Microsoft’s cybersecurity practices. Google even offered discounts on services to government customers considering a switch. Other competitors like CrowdStrike and Trellix have also targeted Microsoft’s client base.
Yes, But
Despite the competitive landscape, Microsoft remains focused on collaboration rather than rivalry. “We don’t see companies with alternative solutions, such as [cloud-service providers] and security vendors, as the competition,” Faehl stated. “We know that the U.S. government is a target — we are a target as a result — and we are looking for partnerships to address those threats.”
Conclusion
Microsoft's new cybersecurity strategy represents a significant step towards restoring federal trust and demonstrating its commitment to safeguarding sensitive information. As it continues to roll out these measures, the tech giant aims to set a new standard in government cybersecurity collaboration.