CIO

Microsoft’s CEO Nadella: Trust us, we spend $1bn on security R&D every year

  • Liam Tung (CSO Online)
  • 18 November, 2015 09:16

Microsoft CEO Satya Nadella on Tuesday laid out why customers should trust it to ensure they're up and running in the face of cyber attacks from all directions.

Nadella on Tuesday outlined Microsoft’s security strategy to an audience of government employees in Washington DC, driving home the company's message about trust.

Trust, according to Nadella, will be critical as the world steps up the pace of opening network connections to consumers, suppliers, plant equipment, BYOD devices and the Internet of Things. On the one hand productivity gains won’t happen without increased connectivity, yet every new link can pose additional security threats.

“[Technology’s] become the core of not just the tech industry but every industry,” said Nadella, speaking at the Microsoft Government Cloud Forum.

“But companies are not going to use the technology unless they can trust it. And that’s why trust for us is central to our mission of empowering every person and organisation.”

“We live in a world where attacks can come from anywhere,” he said later, highlighting that the top eight breaches in 2015 led to 160 million compromised records. Meanwhile, borrowing from FireEye research, he noted the average time to detect an intrusion remained over 200 days.

“The attackers are more organised,” Nadella said. “You’re under constant attack. That’s the environment we have to deal with.”

“The cost of all of this in lost productivity and lost growth is estimated to be something like 3 trillion dollars,” he said.

Microsoft is taking a “very principled” approach to address these concerns, said Nadella, who pinned the company's strategy for trust on privacy, compliance, transparency and security.

Nadella said Microsoft was taking a “principled approach” and that includes managing its customers’ data in “accordance with the law of the land”.

That’s probably a nod to some of the issues surrounding last week’s announcement of two new data centres in Germany, where it's appointed Deutsche Telekom as its German “data trustee”, effectively making the new facilities off-limits to the US government.

While addressing European concerns about US surveillance, the German arrangement is also a sign of how Microsoft hopes to protect US citizens’ data from foreign government access. In defying a US warrant it’s been served for email stored in its Irish data centre, Microsoft has argued that Americans would be outraged if a non-US government issued a similar warrant for US customer data stored on US soil.

While Nadella at times sounded more like a security evangelist than a bigger-picture CEO, given the venue, he steered his talk at moments toward pitching Microsoft services, stressing that security is integral to Windows 10, Office 365, Azure, and Microsoft Enterprise Mobility Suite (EMS), rather than an add-on.

Nadella boasted Microsoft spends $1bn a year on security R&D, and that it runs “the world’s largest” anti-malware service through its Windows Defender program. Besides this, it facilitates 300 billion authentications each month and updates one billion devices every month with patches and compatibility -- a number it's previously used to take a stab at Google over Android security updates. And according to Nadella, security was part of Microsoft’s motivation for moving Windows and Office 365 to an ongoing subscription model.

Nadella also introduced the concept of the “security graph”, which offers it security insights based on big data it receives from end user devices, consumer services, commercial services and on-premise technologies.

To that end, Microsoft today also announced that its MDM software Microsoft Intune can now protect corporate apps on BYOD handsets that are not enrolled. This allows end-users to control their own devices while offering the IT department control over company IP.

This adds to a recent update that allows Intune to separate corporate data from personal data within the same app. So, Office mobile users can access their content from OneDrive consumer as well as OneDrive for Business.
