{"id":3397,"date":"2024-05-03T09:55:00","date_gmt":"2024-05-03T14:55:00","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=80337"},"modified":"2024-05-03T09:55:00","modified_gmt":"2024-05-03T14:55:00","slug":"microsoft-organizational-changes-seek-to-address-security-failures","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/05\/03\/microsoft-organizational-changes-seek-to-address-security-failures\/","title":{"rendered":"Microsoft organizational changes seek to address security failures"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v21.7 (Yoast SEO v21.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>Microsoft organizational changes seek to address security failures | CyberScoop<\/title> <meta name=\"description\" content=\"The company says securing its products is its top priority after a series of damaging, embarrassing breaches.&nbsp;\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/microsoft-security-organizational-changes\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Microsoft organizational changes seek to address security failures\"> <meta property=\"og:description\" content=\"The company says securing its products is its top priority after a series of damaging, embarrassing breaches.&nbsp;\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/microsoft-security-organizational-changes\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-05-03T14:55:00+00:00\"> <meta property=\"article:modified_time\" content=\"2024-05-03T14:29:43+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/microsoft-organizational-changes-seek-to-address-security-failures-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"eliasgroll\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1712700738g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1713212360g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1712858261g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=74528d75ce0daeb8628a\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/80337\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.5.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=80337\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmicrosoft-security-organizational-changes%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmicrosoft-security-organizational-changes%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-80337 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/microsoft-security-organizational-changes\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.164305949009\">\n<div class=\"single-article__header-content\" readability=\"30.27397260274\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/cybersecurity\/\"> <span>Cybersecurity<\/span> <\/a> <\/li>\n<\/ul>\n<p> The company says securing its products is its top priority after a series of damaging, embarrassing breaches.&nbsp; <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/microsoft-organizational-changes-seek-to-address-security-failures.jpg?resize=640%2C426&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/microsoft-organizational-changes-seek-to-address-security-failures-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/microsoft-organizational-changes-seek-to-address-security-failures-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/microsoft-organizational-changes-seek-to-address-security-failures-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/microsoft-organizational-changes-seek-to-address-security-failures-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/microsoft-organizational-changes-seek-to-address-security-failures-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/microsoft-organizational-changes-seek-to-address-security-failures-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/microsoft-organizational-changes-seek-to-address-security-failures-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/microsoft-organizational-changes-seek-to-address-security-failures-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/microsoft-organizational-changes-seek-to-address-security-failures-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/microsoft-organizational-changes-seek-to-address-security-failures-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> A Microsoft Experience Center is seen on Fifth Avenue on April 03, 2024 in New York City. (Photo by Michael M. Santiago\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"29.910201342282\"><body readability=\"61.295154185022\"><\/p>\n<p>Microsoft said it will tie compensation for some senior executives to hitting security targets and that it will prioritize security in its products over shipping new features, in what is the company\u2019s latest bid to address a string of recent breaches that have raised concerns that its software has become an easy target for hackers.&nbsp;<\/p>\n<p>The changes announced Friday are the latest update to what Microsoft calls its \u201cSecure the Future Initiative,\u201d which seeks to shift engineering resources toward security. In <a href=\"https:\/\/aka.ms\/SFIUpdate-May2024\">a blog post<\/a>, Charlie Bell, Microsoft\u2019s executive vice president for security, said that \u201cMicrosoft plays a central role in the world\u2019s digital ecosystem\u201d and that the company \u201cmust and will do more\u201d to secure its products. \u201cWe are making security our top priority at Microsoft, above all else,\u201d he wrote.&nbsp;<\/p>\n<p>In an email to staff Friday, Microsoft CEO Satya Nadella said that security is every employee\u2019s top responsibility and that going forward the company will prioritize security ahead of shipping new features for products, according to a source at the company.&nbsp;<\/p>\n<p>Friday\u2019s announcement comes on the heels of a <a href=\"https:\/\/cyberscoop.com\/microsoft-csrb-china-hacking\/\">scathing report by the Cyber Safety Review Board<\/a> examining a breach of the company by Chinese hackers. That report blamed the incident on a series of \u201coperational and strategic decisions that collectively point to a corporate culture that deprioritized both enterprise security investments and rigorous risk management.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Since that incident, in which Chinese hackers stole a highly sensitive signing key and used it to spy on senior U.S. government officials, Microsoft has disclosed another embarrassing incident, this time involving Russian hackers that accessed company source code and emails belonging to senior executives. Last month, CyberScoop <a href=\"https:\/\/cyberscoop.com\/federal-government-russian-breach-microsoft\/\">reported<\/a> that the pilfered emails included messages between Microsoft and U.S. federal agencies.&nbsp;<\/p>\n<p>Microsoft has said it faces ever-more sophisticated threats and that well-resourced attackers sponsored by nation states have made attacking the company a priority. While these groups are difficult to defend against, repeated breaches by Russian and Chinese hackers <a href=\"https:\/\/cyberscoop.com\/microsoft-critics-accuse-the-firm-of-negligence-in-latest-breach\/\">have caused concern<\/a> in Washington that Microsoft, which is a crucial provider of IT services to the federal government, is failing to adequately invest in security measures and that the company has become a threat to national security.&nbsp;<\/p>\n<p>Friday\u2019s organizational overhauls appear aimed at addressing this criticism. According to the Microsoft blog post, the company is putting in place a series of governance changes to elevate the importance of security at the company, including partnering deputy chief information security officers with engineering teams.&nbsp;<\/p>\n<p>The company has identified six security priorities to guide its work going forward, including better protecting identities and secrets and better protecting tenant accounts and isolating production systems. Microsoft executives will be meeting weekly to assess the execution of these priorities, according to Bell.&nbsp;<\/p>\n<p>\u201cMicrosoft runs on trust and this trust must be earned and maintained,\u201d Bell wrote. \u201cThis is job #1 for us.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.6593406593407\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/microsoft-organizational-changes-seek-to-address-security-failures-1.jpg?w=640&#038;ssl=1\" alt=\"Elias Groll\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Elias Groll<\/h4>\n<p> Elias Groll is a senior editor at CyberScoop. He has previously worked as a reporter and editor at Foreign Policy, covering technology and national security, and at the Brookings Institution, where he was the managing editor of TechStream and worked as part of the AI and Emerging Technology Initiative. He is a graduate of Harvard University, where he was the managing editor of The Harvard Crimson. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/microsoft-security-organizational-changes\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft organizational changes seek to address security failures | CyberScoop<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[271,757,78,293,281,625,270,1989],"tags":[277,759,86,299,285,630,276,1990],"class_list":["post-3397","post","type-post","status-publish","format-standard","hentry","category-china","category-cyber-safety-review-board","category-cybersecurity","category-department-of-homeland-security-dhs","category-hacking","category-microsoft","category-russia","category-satya-nadella","tag-china","tag-cyber-safety-review-board","tag-cybersecurity","tag-department-of-homeland-security-dhs","tag-hacking","tag-microsoft","tag-russia","tag-satya-nadella"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/china\/\" rel=\"category tag\">China<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cyber-safety-review-board\/\" rel=\"category tag\">Cyber Safety Review Board<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/department-of-homeland-security-dhs\/\" rel=\"category tag\">Department of Homeland Security (DHS)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/hacking\/\" rel=\"category tag\">hacking<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft\/\" rel=\"category tag\">Microsoft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/russia\/\" rel=\"category tag\">Russia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/satya-nadella\/\" rel=\"category tag\">satya nadella<\/a>","tag_info":"satya nadella","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/3397","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=3397"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/3397\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=3397"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=3397"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=3397"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}