MY TAKE: Is Satya Nadella’s ‘Secure Future Initiative’ a deja vu of ‘Trustworthy Computing?’ – Fin Serve

By Byron V. Acohido

SAN FRANCISCO — On the eve of what promises to be a news-packed RSA Conference 2024, opening here on Monday, Microsoft is putting its money where its mouth is.

Related: Shedding light on LLM vulnerabilities

More precisely, the software titan is putting money within reach of its senior executives’ mouths.


In a huge development, Microsoft announced today that it’s revising its security practices, organizational structure, and, most importantly, its executive compensation in an attempt to shore up major security issues with its flagship product, not to mention quell rising pressure from regulators and customers.

A shout out to my pal Todd Bishop, co-founder of GeekWire, for staying on top of this development. His breaking news coverage is as thorough as you’d expect from a Microsoft beat writer with institutional knowledge going back a couple of decades.

Org overhaul

As Todd reports, not only is Microsoft basing a portion of senior executive compensation on progress toward security goals, it also will install deputy chief information security officers (CISOs) in each product group, and bring together teams from its major platforms and product teams in “engineering waves” to overhaul security.

This immediately brought to mind something eerily similar that happened 22 years ago – something both Todd and I wrote about at the time. On January 15, 2002, Bill Gates issued his famous “Trustworthy Computing” (TC) company-wide memo, slamming the brakes on Windows Server 2003 development and quickly redirecting his top engineers to emphasize security as a top priority.


This “security stand down” allowed Microsoft to conduct a comprehensive review and overhaul of its software design practices, as part of a broad effort to integrate security deeply into the software development process at Microsoft. Given its stature as an 800 lb gorilla, Microsoft certainly influenced cybersecurity as a whole, arguably setting a course for application security principles and practices that were to evolve in the wake of TC.

Pressure redux

But now, once again, Microsoft is feeling enough pressure from its enterprise customers to recalibrate its approach to security. Just as Gates’ memo became a charter to infuse security, privacy, and reliability across all Windows products, Satya Nadella’s Secure Future Initiative (SFI) is aimed at deepening this ethos in an environment now dominated by sophisticated cyber threats, cloud-based data and pervasive AI technologies.

The common denominator is trust, critical then and now. Initially, TC was about setting a security baseline within the fabric of software development during the internet’s formative years. SFI expands this vision, emphasizing intrinsic security in the design, deployment, and operation of Microsoft’s vast array of products and services, focusing particularly on the challenges posed by AI and cloud vulnerabilities.

Under Gates, TC catalyzed a transformation within Microsoft that rippled out across the tech industry, prompting a heightened focus on developing software that was secure by design.

TC’s legacy

An argument certainly can be made that TC foreshadowed “shift left” software security development practices and, ultimately, DevSecOps. The core principle is that every phase of software development should be infused with some aspect of security.


I’d argue that TC laid the groundwork for continuous security integration, a core component of DevSecOps. This approach ensures that security considerations aren’t an afterthought but are embedded throughout the development lifecycle. Extending from this foundation, SFI seems well-positioned to push these boundaries further, integrating AI to proactively manage security threats and embedding robust security measures as default settings in new products.

While TC reshaped traditional software security, SFI has a chance to help not just Microsoft customers, but the tech sector as a whole. The big task at hand is to reconcile privacy and security concerns when it comes to securing complex AI algorithms and sprawling cloud networks.

Funny how even as the pace of change accelerates, the core privacy and security concerns remain the same. I’ll keep watch and keep reporting.


Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.


 

 
