23, nearly a year after Microsoft kicked off the initiative in response to a scathing report from the U.S. Department of Homeland Security's Cyber Safety Review Board about a "cascade of security failures" that led to a breach of email systems affecting 22 organizations, including the federal government. The SFI progress report highlights broad changes to Microsoft security programs from identity and access management to secrets management, network and software supply chain security as well as bringing production systems up to date with zero-trust security practices. In this episode of IT Ops Query Season 2: The State of SecOps, Melinda Marks, cybersecurity practice director for TechTarget's Enterprise Strategy Group, discusses key takeaways from Microsoft's first Secure Future Initiative (SFI) progress report. Much of the first SFI progress report details how Microsoft inventoried its IT infrastructure, rooted out and cut off access to unused accounts and legacy resources, and brought hundreds of thousands of resources secured using an outdated API up to date. The good news is that evolving cloud security tools that tie together various aspects of cloud and app security into a single view of the application lifecycle can potentially help this collaboration, according to Marks. Better late than never: Microsoft lags major cloud competitors in making security a top priority. As with Microsoft, SecOps practices at many enterprises must evolve in an age of regulatory scrutiny to become more efficient and collaborative while maintaining visibility and control, Marks said. Microsoft security was found wanting by the federal government last year. Microsoft has more than 1.5 billion users, including more than 300 million paid subscribers to Microsoft 365, 100 million developers using GitHub and millions of users of its Azure cloud services.
This Cyber News was published on www.techtarget.com. Publication date: Thu, 03 Oct 2024 19:13:05 +0000