Microsoft announces the Secure Future Initiative to improve security of its products

Cyberattacks are becoming more frequent and dangerous, affecting many aspects of our daily lives. As a leading technology company, Microsoft has a huge responsibility to play in securing the future for its customers. Brad Smith, Vice Chair and President of Microsoft, today announced the Secure Future Initiative which detailed steps to improve cyber security. As part of this new Secured Future Initiative, Microsoft will follow the below:

• Dramatically increasing the speed of vulnerability response and security updates: Microsoft will cut the time it takes to mitigate cloud vulnerabilities by 50 percent.
• Making it even harder for identity-focused espionage and criminal operators to impersonate users:  To stay ahead of bad actors, Microsoft is moving identity signing keys to an integrated, hardened Azure HSM and confidential computing infrastructure where signing keys are not only encrypted at rest and in transit, but also during computational processes as well.
• Transforming secure software development with automation and AI: To continually deliver software that is secure by design and in deployment, Microsoft is expanding automated threat modeling against its code to anticipate and defeat future attacks. Microsoft is also expanding its use of memory safe languages (C#, Python, Java, and Rust), to eliminate entire classes of traditional software vulnerabilities.
• Embedding more security defaults into products for out-of-the-box protection. Microsoft revealed the impact it’s created introducing mandatory multi-factor authentication (MFA) and other on-by-default security settings in its products, and shared insights on how it will expand security defaults guided by learnings.

Microsoft will share more details about these changes with its employees in the coming days. You can read the internal email Microsoft shared with its employees here.