Microsoft has released a report detailing the progress of the Secure Future Initiative, a company-wide overhaul put in place in November 2023. The initiative aims to improve security in the wake of high-profile vulnerabilities in 2023, including a breach in Microsoft Exchange Online that allowed threat actors associated with the Chinese government to access U.S. government emails.
The U.S. Cyber Safety Review Board found that Microsoft had a corporate culture that deprioritized both enterprise security investments and rigorous risk management. In response, Microsoft has implemented several changes, including appointing 13 deputy CISOs to oversee key security functions and dedicating the equivalent of 34,000 full-time engineers to the Secure Future Initiative.
Other steps Microsoft has taken include deploying and acting on six key pillars of security compliance, creating a new Cybersecurity Governance Council, and making security a critical part of every employee’s performance review. The company has also linked security performance to the senior leadership team’s compensation and mandated that senior leadership assess progress on the Secure Future Initiative every week.
Microsoft’s Six Key Pillars of Security Compliance:
The update on the Secure Future Initiative serves as a timely reminder for security and engineering teams to uphold rigorous standards and adhere to industry best practices. By prioritizing security and adapting quickly to data breaches, companies can protect themselves against common cyber threats.