REDMOND, Wash. -- Software companies should welcome the harsh spotlight that's been put on the technology industry this year, Microsoft Chief Executive Officer Satya Nadella said in an interview at the company's 500-acre campus in Washington.
"Having the scrutiny is actually good, I think," he said. The tech industry shouldn't think of such examinations as "attacks on us," he added.
"Anyone who is providing a very critical service needs to raise the standards of the safety of that technology and the security of that technology," he said.
Nadella's statements underscore the unique and enviable position that Microsoft finds itself in, compared with its counterparts.
Microsoft has dodged the bruising that its peers have taken this year. Executives from Facebook, Google and Twitter have testified before Congress, pressed to explain their privacy practices and the exploitation of their platforms by Russian operatives. Apple and Amazon have been the targets of criticism from President Donald Trump.
But Microsoft, which runs the world's largest corporate email program and one of the biggest cloud-computing businesses, has not only escaped the negative attention of its industry peers, but it has also turned potential attacks on its systems into an asset.
In August, Microsoft said it had disrupted attempts by a group affiliated with Russia's foreign intelligence service to create phony websites to launch cyberattacks on the U.S. Senate as well as a prominent conservative public policy organization. The announcement demonstrated the aggressive role Russian operatives are playing ahead of the U.S. midterm elections.
Microsoft paired the Russia disclosure with the launch of a new security-monitoring service offering heightened threat protection that it will provide free of charge to government officials, candidates, campaigns, and other political entities that are Microsoft clients. The company said more than two dozen officials and organizations have signed up for its AccountGuard product.
More than 400 million emails pass through the company's malware filters each day.
The announcement appeared to prompt competitors to unveil similar offerings. Facebook, in the throes of its own security troubles, launched a pilot project to protect the accounts of political candidates shortly after Microsoft did.
Nadella, who has described security as "the most pressing issue of our time," contrasted the hard lessons that younger firms like Facebook are learning this year with Microsoft's own challenges.
Founded in 1975, Microsoft is a generation or two older than Google and Facebook. Nadella said the company's "big moment" in terms of a major security wake-up call took place around 2000, when WindowsXP and other products suffered a series of embarrassing cyberattacks that affected many of the company's large government customers.
The scare prompted then-CEO Bill Gates to issue a companywide edict, known internally as the Trustworthy Computing Initiative, that changed how Microsoft viewed security. From then on, Microsoft began to design security features into all its products from the ground up, Nadella said. For example, the company delayed the launch of Windows Vista in order to follow new security protocols, such as threat modeling and reducing the number of people who have access to a system.
New threats accompanied the explosive growth of the Internet and the rise of smartphones, leading to the creation of the Digital Crimes Unit, a division whose goal was to go after botnets, or groups of computers that infect other computers to steal banking and other personal data. Staffed by former prosecutors, the unit adopted a novel legal strategy of obtaining secret court warrants that enabled it to seize computers and Web domains affiliated with the botnets.
The unit brought the suits on the grounds that the fake emails used to spread malware violated Microsoft's trademarks. The secrecy enabled the the unit to shut down domains without spooking or tipping off bad actors.
Since 2016, the Digital Crimes Unit has turned its focus to nation-state actors including Russia, China, North Korea and Iran, and it is now tracking roughly 70 commercial and nation-state threat groups, according to the company. Each group gets a code name after an element on the periodic table. The Russian intelligence agency, or GRU, is called Strontium. The unit has obtained three secret warrants from U.S. courts to go after Strontium-controlled domains, including six used in the attack Microsoft disrupted in August, according to the company.
Consumer companies are just waking up to a new array of security challenges, Nadella said. But because Microsoft has been responsible for securing the data of large corporations, "I've lived in what I think is high scrutiny all [my] life," he said.
"It could be that some companies that are predominantly consumer companies are realizing that even consumers are going to be very discriminate ... in terms of their technology use and their demands of technology vendors. ... So I say, welcome to the club," Nadella said.
Business on 10/10/2018