Michael Daniel, the chief executive officer of the Cyber Threat Alliance, a nonprofit that shares intel about cyber risks and is funded in part by some of Microsoft’s rivals, reviewed the company’s current efforts at Bloomberg’s request. Daniel said they would boost security on the company’s platforms, including the cloud, if fully implemented. But he added that the security revamp doesn’t appear to fully address several key issues highlighted by the cyber review board, including an “inadequate” security culture.

‘Trustworthy computing’

If Microsoft’s current woes sound familiar, it’s because the company went through a similar crisis in the early aughts. At the time, computer worms were disrupting computers running Windows. In January 2002, co-founder Bill Gates issued his “trustworthy computing” memo urging software developers to prioritize security.

“So now, when we face a choice between adding features and resolving security issues, we need to choose security,” Gates wrote. “Our products should emphasize security right out of the box.”

Microsoft halted the development of new Windows features for months to fix the flaws and attempted to create a more security-minded culture among its software engineers

Looking back on that period, Arsenault says it was a simpler time. Because Microsoft was releasing a version of Windows every few years, a pause was possible. That’s no longer the case because Microsoft and its rivals update software multiple times a day in the cloud. “It’s just a different company,” Arsenault said.

In the following years, Microsoft also fell behind Google in search, Apple in mobile devices and Amazon in cloud-based services. The pressure to catch up prompted the company to prioritize speed over security. Microsoft wasn’t alone. Many tech companies — keen to cash in on Silicon Valley’s explosive growth — embraced an ethos epitomized by the then Facebook slogan: “Move fast and break things.”

Microsoft’s belated shift to the cloud began about 2010. The move let the company fix security flaws directly, rather than asking customers to install patches. But cloud services presented new security challenges, as the recent breaches have made clear.

Given the sophistication and resources of nation-backed hackers, it may be impossible to completely stop them. Microsoft’s security overhaul will help, but critics say the company should again slow down the release of new products to ensure better resilience going forward. Last week, the cyber board urged Microsoft to “deprioritize feature developments across the company’s cloud infrastructure and product suite until substantial security improvements have been made.”

In fact, Microsoft is racing to capitalize on its early advantage in generative artificial intelligence. Already customers are asking how they’ll protect all the new AI programs, Bell said. He’s got an answer for them: Buy more Microsoft security software.

Even the cybersecurity unit has caught the AI bug — launching an assistant for security professionals that helps detect and thwart hacking attempts. In the past few weeks, executives have been traversing the U.S. showing off the tool, called Copilot for Security. Early customer feedback for the AI assistant has been overwhelmingly positive, according to Vasu Jakkal, a vice president in Microsoft's security division.

“I have never seen interest like that in any security tool,” she said.

©2024 Bloomberg L.P. Visit bloomberg.com. Distributed by Tribune Content Agency, LLC.