Microsoft has faced a series of cybersecurity challenges in recent years. The earlier SolarWinds attack, the compromise of thousands of organizations’ email servers through a Microsoft Exchange Server flaw, and the breach of US government emails via a Microsoft cloud exploit earlier this year are just a few examples. These incidents have prompted Microsoft to announce the Secure Future Initiative (SFI), a comprehensive cybersecurity effort aimed at overhauling the way the company approaches software and service development, testing, and operations.
The SFI involves significant changes in Microsoft’s engineering processes, incorporating automation and AI to enhance the security of its cloud services, reduce the time taken to address vulnerabilities, and strengthen default security settings. This shift marks the most substantial transformation in Microsoft’s security strategy since the introduction of the Security Development Lifecycle (SDL) in 2004.
One key aspect of the SFI is the use of automation and AI, including CodeQL, to identify and fix bugs in code at a faster pace. Microsoft also aims to build an AI-based cyber shield to detect threats swiftly. The company plans to expedite the mitigation of cloud vulnerabilities and enhance the security of encryption keys through the implementation of confidential computing infrastructure. Additionally, it intends to provide customers with more secure default settings for Multi-Factor Authentication (MFA).
Despite this commitment, Microsoft continues to face criticism for its response time to security issues. The company aims to reduce the time taken to address vulnerabilities by 50 percent. Furthermore, Microsoft calls for international efforts to recognize cloud services as critical infrastructure and prevent cyberattacks targeting critical services.