Our year of social, institutional and commercial upheaval – including the widespread emergence of remote working, the growth of e-commerce and evidence of COVID-19-related cybercrime – has certainly thrust the issue of cybersecurity into the spotlight.
The link between secure data and trust is well established. It is also a topic that frequently comes up when I talk to our customers and partners. You cannot have trust without privacy, and you cannot have privacy without security. Many organisations now face the challenge of meeting the growing expectations of customers while maintaining productivity in a secure, ‘hybrid’ environment.
Clearly, it’s a narrow path, and this year in particular we’ve been learning how to walk it. So today, I’m going to share our learnings – that it’s possible to retain and even improve customer trust while effectively managing security and risk.
Simplify security to improve customer and employee experiences
Innovation and productivity are hugely important to organisations, especially in unpredictable times. So how can an effective security solution work with and enable them?
Our experience is that having an integrated approach built on a ‘zero-trust’ model can keep your digital real estate secure, without sacrificing creativity or impacting workflows.
What is zero trust? It’s when all users, devices, apps and infrastructure – both inside and outside your network – are presumed untrustworthy. So, by default, the same automated security checks are applied to all users, devices, applications and data, every time.
When we implemented zero trust at Microsoft, it enabled our employees to access the tools they needed to work with their customers, from anywhere.
We also use single sign-on with biometric-based authentication wherever possible, focussing on multi-factor authentication (MFA). MFA reduces the risk of identity fraud by more than 99.9 percent. And single sign-on means employees only have to sign in securely on a device once (unless the conditions change) before accessing all the tools and apps they need to provide great customer experiences.
Data security in the cloud
In a fast-changing threat landscape, it’s crucial to safeguard organisational data. Our own research suggests that criminals have even been exploiting COVID-19 for their own personal gain. A company like Vodafone has to keep over 630 million customers’ data secure while complying with government regulations. It also wants to ensure it can continue delivering services to customers.
Alongside our zero-trust model, we’ve established a secure foundation, based on Azure. It has multi-layered security across physical data centres, infrastructure and operations. We have over 3,500 global cybersecurity experts working to safeguard assets and data. In the background, machine learning, behavioural analytics and application-based intelligence check out potential threats, while we all get on with our work. Integration combined with intelligence reduces thousands of alerts to a handful of incidents that correlate those alerts. Information Protection (DLP) and Compliance help us make sure we meet industry regulations and customer requirements while also helping protect, govern, and recover data.
Enable remote work security
Our security journey has changed how we manage identity and network access, and our ability to secure a remote workforce has improved. As I’ve outlined, at the core of zero trust is user identity and endpoint management. This makes it easy for our employees to securely access their work, no matter where they are.
The same foundation effectively supports any Bring Your Own Device scenario. This can reduce costs and make life easier, as your employees seamlessly use their own devices while staying secure.
What do I believe is the most important part of our security strategy? Our people. There’s nothing like creating a culture of security to keep organisations safe. That’s why it’s important to ensure everyone – from the top down – has good cybersecurity awareness and knowledge. It’s important to ensure everyone is comfortable speaking up if they’ve done something wrong, without fear of retribution. We incorporate fun web training that makes employees feel empowered to stay secure.
That said, we’re aware that there’s a looming security skills shortage, with 3.5 million unfilled positions predicted by 2021. At Microsoft, we’ve widened our search for talent, broadened our inclusion and diversity efforts, and are aiming to re- and up-skill current employees. Our security skills training is accessible to all and can be applied beyond typical office scenarios.
Meanwhile, automation takes on our more repetitive security tasks, such as low-level event handling. Azure Sentinel, for example, cuts alert noise by 90 percent, with just the most critical, thorny issues (the top 10 percent) escalated to professionals for them to address. Security Graph uses the cloud to connect all of Microsoft’s security products, services, and partners, collecting trillions of data points daily. This feeds threat intelligence across customers and partners, ultimately speeding up threat detection and incident response.
Building customer trust with security
I believe security, when it is built in and treated like an enabler rather than a pain point, frees up employees to do their best work. Supported by AI and machine learning to help take over the low-level monitoring, your cybersecurity team can focus on higher-level tasks. This translates to better customer experiences and protection over your whole digital estate, including data.
About the author
As National Technology Officer, Glen leads Microsoft’s technology vision and models its culture of learning, while developing strategies to protect and extend Microsoft Cloud into complex regulated markets. He will inspire leaders of state and enterprise, regulators and customers on how best to leverage innovation to drive digital transformation.