Microsoft CEO Nadella: 'Zero Trust Is At The Foundation Of Security Transformation’

'We’ve spent years building our zero-trust approach internally at Microsoft. We’ve proven its effectiveness against real-world attacks. We are committed to sharing what we have learned to help every organization accelerate their progress,’ says Microsoft CEO Satya Nadella at the virtual Microsoft Security Summit.

Microsoft Chairman and CEO Satya Nadella on Thursday sounded the alarm about the expanding threat of cyberattacks, saying the security landscape in general has “never been more challenging or more complex.”

Nadella made the sobering remarks at the start of the virtual Microsoft Security Summit Wednesday.

Speaking with Vasu Jakkal, Microsoft’s corporate vice president for security, compliance, identity and privacy, Nadella didn’t mince words about the nature of the cyberthreats confronting institutions and individuals across the world.

“The pace of change is stunning,” he said in a video presentation at the start of the summit. “Ransomware attacks are just increasing in frequency. They’re blurring these historical lines between cybercriminal and nation-state activity. And we’re seeing the use of destructive malware on a scale that, frankly, we’ve never seen before.”

The summit was part instructive about cybersecurity threats in general and part about what Microsoft is doing, and planning to do, about cybersecurity moving forward.

According to Jakkal, Microsoft last year blocked more than 9 billion malware threats and more than 35 billion phishing and other malicious emails across the globe.

Meanwhile, company officials noted Microsoft’s recent commitment to spend $20 billion on security-related matters in coming years.

In his introductory remarks at start of the summit, Nadella touched upon a number of issues, from the importance of zero-trust security to three security areas he sees Microsoft focusing on moving forward.

Following are excerpts from his summit comments.

Malware On A 'Scale We’ve Never Seen Before’

The pace of change is stunning. Ransomware attacks are just increasing in frequency. They're blurring these historical lines between cybercriminal and nation-state activity. We are seeing the use of destructive malware on a scale that, frankly, we’ve never seen before. We recently issued a special report on this and shared steps we've taken to protect the Ukrainian people and the organizations so that those learnings can be applied in other scenarios going forward. And those are just, I would say, the geopolitical considerations. The bottom line is that the entire cybersecurity threat landscape has never been more challenging or more complex. … There isn’t a single industry that’s not being impacted. And security has never been more critical to our customers or our society as a whole.

Zero Trust Is The Foundation

Across the organization, three things are consistently at the top of my mind when I think about our responsibility and speak with leaders. The first is helping every organization adopt a zero-trust strategy, right? I mean, zero-trust is at the foundation of security transformation and organizational resilience in the face of major cybersecurity threats. Now, we've spent years building our zero-trust approach internally at Microsoft. We’ve proven its effectiveness against real-world attacks. We are committed to sharing what we have learned to help every organization accelerate their progress.

Attacks Can Come From ‘Inside And Outside’

Second is the importance of taking a much more comprehensive approach to security. Attacks can come from anywhere, both outside and inside. The only way to protect against that is to have this left to right, and top to bottom, security. And so we are focused on organizing the identity security, compliance, device management, as an interdependent whole, and extending protection to all data, devices, identity, platforms and clouds. No other company provides a comprehensive integrated solution across these key areas. This multi-cloud, multi-platform support is central to our approach of delivering consistency and simplicity for the defenders. And it allows us to maintain a broad ecosystem of leading security partners.

A ’Combination Of Leading Technologies’

And third, I would say it’s not enough to just build great products. A strong operational security posture requires a combination of leading technologies, comprehensive threat intelligence, and highly skilled people. All of these elements have to come together to create a trustworthy and secure environment that we all need.

We take this work very seriously. We’re investing $20 billion-plus to advance our security solutions over the next five years. It’s why we're providing $150 million to help our federal, state and local governments modernize their protections. It’s why we are partnered with community colleges across the United States to help close the skills gap by growing the cybersecurity workforce. And that's why we recently expanded in this program to additional 23 countries. But of course it doesn’t stop there. Now, as you said earlier, Vasu, the new challenges are rising every day, which means there's a lot of work ahead for all of us.