This morning Microsoft’s CEO Satya Nadella gave a global speech about enterprise security. He announced a new Cyber Defense Operations Center, a should-not-be-new Microsoft Enterprise Cybersecurity Group and a not-at-all-new-sounding Enterprise Mobility Suite (EMS). The webcast can be replayed here but don’t expect to be blown away. It’s all just tablestakes for a global cloud provider.
Security is being standardised all over the place now. Ordinary people are getting savier about security best practice; they know for example that biometrics templates need to be handled carefully in client devices, and that secure storage is critical for assets like identities and Bitcoin. “Secure Element” is almost a lay-person’s term now (Apple tried to give the iPhone security chip the fancy name “Enclave” but seem to now regard it as so standard it doesn’t need branding).
All this awareness is great, but it’s fast becoming hygeine. Like airplane safety. It’s a bit strange for corporations to seek to compete on security, or to have the CEO announce what are really textbook security services. At the end of the speech, I couldn’t tell if anything sets Microsoft apart from its arch competitors Google or Amazon.
Most of today’s CISOs operate at a higher, more strategic level than malware screening, anti-virus and encryption. Nadella’s subject matter was really deep in the plumbing. Not that there’s anything wrong with that. But it just didn’t seem to me like the subject matter for a CEO’s global webcast.
The Microsoft “operational security posture” is very orthodox, resting on “Platform, Intelligence and Partners”. I didn’t see anything new here, just a big strong cloud provider doing exactly what they should: leveraging the hell out of a massive operation, with massive resources, and massive influence.