Microsoft has expanded the scope of the company’s Secure Future Initiative to integrate the lessons learned from the Midnight Blizzard cyber incident and recommendations from the Department of Homeland Security’s Cyber Safety Review Board concerning the Storm-0558 cyberattack.
The expanded SFI approach will be guided by three security principles: secure by design, secure by default and secure operations, Charlie Bell, executive vice president of Microsoft Security, wrote in a blog post published Friday.
A report released by CSRB in late March recommends that Microsoft develop and publicly disclose a plan on how it would reform its security practices and direct teams to fully assess and address security risks before deploying new features.
Microsoft is aligning its actions and goals to six security pillars to implement its expanded SFI effort.
These security pillars are: protecting identities and secrets, safeguarding tenants and isolating production systems, protecting networks, protecting engineering systems, monitoring and detecting threats and accelerating response and remediation.
To protect identities and secrets, specific actions include safeguarding identity infrastructure and platform keys with rapid and automatic rotation with hardware storage and protection, strengthening identity standards and ensuring that identity and public key infrastructure—or PKI—systems are ready for a post-quantum cryptography world.
Under the updated initiative, Microsoft will also reportedly advance adherence to standards with “Paved Paths” systems, drive continuous improvement and implement a new security governance framework.
Attend the Potomac Officers Club’s 2024 Cyber Summit on June 6 and hear cyber experts, government and industry leaders discuss the latest trends and the dynamic role of cyber in the public sector. Register here.
