Microsoft CEO Satya Nadella sharpens Microsoft’s security culture with a new memo. The core of the message is clear: when it comes to a trade-off between security and another priority, security must always come first.

“When it comes to a trade-off between security and another priority, the answer is clear,” Microsoft CEO Satya Nadella told his entire company in a memo. “Make it safe.” Nadella is aware that in some cases this approach will lead to delays in other matters, such as the introduction of new features or support for older versions, but he says there can be no doubt about that.

Bad report

Nadella’s memo to Microsoft follows a series of security incidents and a review of Microsoft by the American Cyber ​​​​Safety Review Board. It noted that an espionage campaign by Chinese hackers against Western companies, carried out through a vulnerability in Microsoft Exchange, was not inevitable. The council concluded that Microsoft’s security culture was inadequate.

Nadella’s words are important for the transformation of this culture. Everyone has now seen publicly and literally where the big boss gives absolute priority. In his memo, Nadella goes into more detail about this. He refers to it “Secure Future” initiative. (SFI), which Microsoft launched last November. Through the SFI, Microsoft aims to bring all areas of the company together to improve cybersecurity for both new products and existing infrastructure.

These pillars

“Going forward, we will commit our entire organization to SFI and double down on this initiative with an approach based on three core principles,” Nadella said. These are the following principles:

• Safe by design: Security is the number one priority when developing a product or service.
• Safe by default: Security measures are enabled and enforced by default, require no additional effort, and are not optional.
• Safe operation: Security controls and monitoring are continually improved to address current and future threats.

Nadella specifically refers to the review as a result of the Storm 0558 hack and acknowledges Microsoft’s responsibility. The new and clear priority for security is intended to make Microsoft and its products more resilient in the future.