Slashdot Mirror


Microsoft Invests $1 Billion In 'Holistic' Security Strategy (darkreading.com)

ancientribe writes: Microsoft has invested $1 billion over the past year in security and doubled its number of security executives, according to the company's CISO Bret Arsenault. In an address today (webcast), CEO Satya Nadella officially announced the launch of a new managed security services group and a new cyber defense operations center — all part of its new strategy of holistic and integrated security across its products and services. Microsoft execs rarely detail the company's strategy so publicly, so that in itself underlines how security is a major element in its strategy.

  1. Conflict of Interest? by Tablizer · · Score: 2, Informative

    Paying MS to fix security problems is like paying chemical companies to clean up their own pollution.

    1. Re:Conflict of Interest? by Tablizer · · Score: 2

      Such is called the "broken window" economic theory. It may generate employment, but not necessarily better living.

  2. Phone calls from MS by fhage · · Score: 5, Funny

    Hi! I'm an Executive at the Microsoft Cyber Defense Operations Center, and we've detected a problem with your internet....

  3. Re:One set to create the problem, one set to solve by parkinglot777 · · Score: 3, Interesting

    Hmm... I thought "executives" means more people pointing fingers at others instead of doing the coding???

  4. Re:One set to create the problem, one set to solve by bondsbw · · Score: 2

    Isn't that precisely what companies are doing with security bug bounty programs?

    --
    All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
  5. I feel old (because I am - sigh) by frnic · · Score: 4, Interesting

    But, I find it hard to imagine the amount of polished code that could be created for $1,000,000,000.

    I guess because the code executes so much faster today, it costs more to create and debug it?

    1. Re:I feel old (because I am - sigh) by gweihir · · Score: 3, Insightful

      No, no, they have not spent that money on _code_. They have spent it on _executives_! You know, clueless people with big egos that earn a lot of money and prevent engineers from doing a good job.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  6. Doubling the number of executives 1/x^2 by exabrial · · Score: 5, Funny

    Applying the inverse square law... means 1/4 of the productivity.

  7. Re:One set to create the problem, one set to solve by xxxJonBoyxxx · · Score: 4, Interesting

    >> Isn't that precisely what companies are doing with security bug bounty programs?

    No, that's called "outsourcing QA"

  8. We're at "holistic" by Opportunist · · Score: 3, Funny

    Wake me when we get to crystal healing.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  9. Holistic terminology by nawcom · · Score: 2

    I'm guessing he used the term "holistic" in the sense that the plan covers multiple aspects of security. The classical term "holistic" refers not to alternative treatments, but rather to covering the entirety of something or treating everything as interconnected. In medical terms, it usually refers to the mind and body as a whole.

    Might I add that most "holistic" medicine is grade A horseshit.

  10. Anything's better than the prior approach ... by tlambert · · Score: 3, Funny

    Anything's better than the prior approach, which was homeopathic.

  11. And "Security Executives" help how? by gweihir · · Score: 2

    Most of them will be incompetent (as most executives are) with regards to security anyways. What about hiring some actual experts (i.e. engineers) and giving them the power they need to change things?

    Of course, that would result in these experts telling MS to scrap everything and start over (based on xBSD or Linux) because Security is not something you can successfully bolt-on after the fact. And that is the reason why this is pure show. MS has never cared about their customers or about having a good product. They have always ignored other things that work whenever they could and made their own thing instead, badly. As long as their bottom-line is unaffected, that will never change. Of course, with all the mobile devices these days, a "pure MS" ecosystem does not exist and the average person has found out that you can do cool things with non-MS systems too.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  12. Re:One set to create the problem, one set to solve by turbidostato · · Score: 2

    "This makes perfect sense"

    This makes perfect sense... TWICE!

    "CEO Satya Nadella officially announced the launch of a new managed security services group and a new cyber defense operations center — all part of its new strategy of holistic and integrated security"

    In order to attain an holistic approach, Microsoft's CEO creates new separated groups and facilities. Brilliant!

  13. Re:One set to create the problem, one set to solve by davester666 · · Score: 2

    Didn't they do this dance 10-15 years ago? Bill put a big stop to everything and for 6-12 months MS was just focused on "security".

    Someone should tell them it's not an 'every once in a while' thing.

    --
    Sleep your way to a whiter smile...date a dentist!
  14. Surely This is a Spoof? by segedunum · · Score: 2

    Bret Arsenault, CISO, Microsoft

    "My internal operations team can swivel with the DCU [Digital Crimes Unit]" there, for example, Arsenault says.

    WTF is this?