Friend
Professional
- Messages
- 2,653
- Reaction score
- 849
- Points
- 113
How is the Secure Future initiative designed to counter hackers?
Microsoft has significantly strengthened the security of its cloud environment by removing 730,000 unused applications and 5.75 million inactive users as part of the Secure Future Initiative (SFI). This program, launched in response to major cyberattacks last year, aims to reduce vulnerabilities and improve identification and authentication mechanisms.
Over the past three months, the company has also rolled out 15,000 new rugged devices to its development teams and introduced video identity verification for 95% of its software development workforce. In addition, the access key management processes for Entra ID and Microsoft Account (MSA) clouds, both public and government, have been updated.
With the SFI initiative, Microsoft intends to significantly reduce its cybersecurity risks. "Since the launch of the program, we have deployed the equivalent of 34,000 full-time engineers, making it the largest cybersecurity initiative ever," said Charlie Bell, executive vice president of Microsoft Security.
SFI started in November 2023, shortly after the Storm-0558 hacker group hacked into the company's cloud-based email system, gaining access to the emails of several government organizations. In early 2024, Microsoft also reported a second hack involving the Midnight Blizzard group, which used a simple password attack to infiltrate corporate email accounts.
Experts from the U.S. Cybersecurity Review Board have identified a number of strategic and cultural challenges in Microsoft's approach to security. In response, the company identified six key areas for improvement: identity security, cloud systems and engineering platforms, threat and incident monitoring, and network hardening and attack response.
Microsoft is actively working to reduce the attack surface. Removing inactive users and applications reduces the risk of hacking through cloud systems. Particular attention was paid to network security: virtual networks are isolated from the corporate infrastructure and undergo a full security audit.
The company has also strengthened the security of its engineering systems by implementing centralized templates for 85% of cloud product builds and limiting the validity of personal access keys to seven days. Important points in the software development process are now protected by mandatory presence checks.
Microsoft continues to implement this initiative, achieving not only improvements on the technological side, but also at the organizational level. In May 2024, the company announced measures aimed at increasing management's responsibility for security, including tying compensation to the fulfillment of specific cybersecurity goals.
Source
Microsoft has significantly strengthened the security of its cloud environment by removing 730,000 unused applications and 5.75 million inactive users as part of the Secure Future Initiative (SFI). This program, launched in response to major cyberattacks last year, aims to reduce vulnerabilities and improve identification and authentication mechanisms.
Over the past three months, the company has also rolled out 15,000 new rugged devices to its development teams and introduced video identity verification for 95% of its software development workforce. In addition, the access key management processes for Entra ID and Microsoft Account (MSA) clouds, both public and government, have been updated.
With the SFI initiative, Microsoft intends to significantly reduce its cybersecurity risks. "Since the launch of the program, we have deployed the equivalent of 34,000 full-time engineers, making it the largest cybersecurity initiative ever," said Charlie Bell, executive vice president of Microsoft Security.
SFI started in November 2023, shortly after the Storm-0558 hacker group hacked into the company's cloud-based email system, gaining access to the emails of several government organizations. In early 2024, Microsoft also reported a second hack involving the Midnight Blizzard group, which used a simple password attack to infiltrate corporate email accounts.
Experts from the U.S. Cybersecurity Review Board have identified a number of strategic and cultural challenges in Microsoft's approach to security. In response, the company identified six key areas for improvement: identity security, cloud systems and engineering platforms, threat and incident monitoring, and network hardening and attack response.
Microsoft is actively working to reduce the attack surface. Removing inactive users and applications reduces the risk of hacking through cloud systems. Particular attention was paid to network security: virtual networks are isolated from the corporate infrastructure and undergo a full security audit.
The company has also strengthened the security of its engineering systems by implementing centralized templates for 85% of cloud product builds and limiting the validity of personal access keys to seven days. Important points in the software development process are now protected by mandatory presence checks.
Microsoft continues to implement this initiative, achieving not only improvements on the technological side, but also at the organizational level. In May 2024, the company announced measures aimed at increasing management's responsibility for security, including tying compensation to the fulfillment of specific cybersecurity goals.
Source
