Source URL: https://www.microsoft.com/en-us/security/blog/2024/09/23/securing-our-future-september-2024-progress-update-on-microsofts-secure-future-initiative-sfi/
Source: Microsoft Security Blog
Title: Securing our future: September 2024 progress update on Microsoft’s Secure Future Initiative (SFI)
Feedly Summary: Since the Secure Future Initiative (SFI) began, we’ve dedicated the equivalent of 34,000 full-time engineers to SFI—making it the largest cybersecurity engineering effort in history. And now, we’re sharing key updates and milestones from the first SFI Progress Report.
Summary: Microsoft’s Secure Future Initiative (SFI) aims to enhance cybersecurity across its platforms, committing vast engineering resources and fostering a security-first culture within the organization. Key updates include the establishment of a Cybersecurity Governance Council, mandatory security training for all employees, and significant improvements across six cybersecurity pillars.
Detailed Description:
The Microsoft Secure Future Initiative (SFI) represents a robust effort to bolster cybersecurity within the company. Here are the major components of this initiative:
– **Significant Resource Allocation**: Microsoft has allocated the equivalent of 34,000 full-time engineers towards the SFI, marking it as the largest cybersecurity engineering operation in history.
– **Governance and Accountability**:
  – Formation of a Cybersecurity Governance Council led by CISO Igor Tsyganskiy, responsible for overall cyber risk management.
  – Implementation of security as a core performance metric for all Microsoft employees, linked to performance reviews and compensation.
– **Security Education**:
  – Launch of the Security Skilling Academy to provide tailored security training for all employees, ensuring they are equipped to understand their role in maintaining security.
– **Pillars of Focus**: The SFI encompasses six critical areas of cybersecurity, each receiving tailored updates:
  1. **Protect Identities and Secrets**: Enhancements in identity management, including automated token management and phishing-resistant credential enforcement.
  2. **Protect Tenants and Isolate Production Systems**: Streamlining app lifecycle management and reducing inactive tenants to lower exposure points.
  3. **Protect Networks**: Improved asset tracking and isolation of network resources to minimize lateral movement during potential attacks.
  4. **Protect Engineering Systems**: Enhancements in build pipeline governance and access protocols to strengthen overall security workflows.
  5. **Monitor and Detect Threats**: Adoption of standardized security logs across services with extended retention periods to assist in threat detection.
  6. **Accelerate Response and Remediation**: Improved incident management processes and transparency regarding vulnerabilities via CVE publications.
– **Commitment to Continuous Improvement**: Microsoft emphasizes the importance of progress over perfection in the security landscape, adapting its practices to counter evolving cyber threats. The initiative also demonstrates a commitment to industry collaboration, including participation in CISA’s Secure by Design pledge and integration of insights from the Cyber Safety Review Board.
This comprehensive approach signals significant advancements in Microsoft’s cybersecurity posture. It is crucial for professionals in the fields of AI, cloud, and infrastructure security, as it provides insights into effective governance, resource allocation, and continuous improvement of security measures.