Keeping threats at bay
How Microsoft changed its approach to security to protect an increasingly mobile workforce.
Today’s modern workplace is changing and Microsoft is no exception. Our employees collaborate around the world from almost any location; our people have a robust lives and fully embrace the work-from-anywhere philosophy. Accordingly, the Microsoft IT organization has had to make a fundamental shift in how it approaches security to keep up with the demands of this new digital workplace. Our IT teams must now balance the need for enterprise-wide security with the desire to empower our employees to be productive when working from wherever they happen to be.
In this always-on world, the term “control” takes on a different meaning. In recent years, the sheer volume of information combined with diverse and fluid methods for accessing it has propelled IT to re-examine classical methods for securing the enterprise. Traditional security models of centralized management and security controls are challenged with the adoption of consumer devices and services and new forms of collaboration amongst employees, customers, and partners.
In the midst of a changing and challenging landscape, protecting users and data remains a primary focus at Microsoft. How have we handled this — and how do we plan on continuing to protect ourselves in the future?
The first and most important step: basic hygiene. We keep operating systems and applications on current software versions and maintain up to date anti-virus signatures. According to the latest Security Intelligence Report, systems that run expired software are four times more likely to be infected than systems with updated software. This is a critical — and often-overlooked — first step that every company needs to maintain the security of its people and data.
The second step is to manage the data and not just devices in our workplace. As we’ve enabled mobility and moved applications to the cloud, we’ve had to rethink how we protect sensitive information and how we manage identity and access.
We’ve also had to expand our focus from infrastructure to the behavior of our employees. This is where the third element of protecting Microsoft comes in. Even with software updates and identity access and management in place, employees play a huge part in protecting any company. We approach this less as a mandate, and more like a lifecycle, with programs and education in place to make security an integral part of our culture.
Learn more about our seven big initiatives for a more secure Microsoft, how Microsoft helps employees protect and secure their devices and what we’ve done to combat social engineering and phishing schemes in the Reimagining Security chapter of the Microsoft IT Executive Report.
