Microsoft Inspire 2022: What a Long, Strange Trip It's Been
I am old enough to remember when colleagues would jokingly (or not so jokingly) refer to the Bill Gates era Microsoft as "the evil empire." After all, this is the company that achieved fame during an investigation by the US Department of Justice for having an internal strategy called “embrace, extend and extinguish.” The strategy came out of a meeting in which the company stated it could "kill HTML by extending it." Some might suggest that view did not only apply to standards, but also to partners. However, let's be clear: this was 1995, 27 years ago (when did I get so old?). And I'm not even going to touch the Steve Ballmer era.
But since Satya Nadella took over in 2014, things have been very different.
Microsoft is now considered a good citizen in the industry, with a “better together” attitude, working with partners and customers to benefit everyone. This spirit came to the fore at last week's Inspire event with a major focus on working with and enabling the 400,000 partners in its global ecosystem, that employ over 22 million people. Microsoft announced updates to its ISV partner program, and its commercial marketplace to help partners build and sell software and services. You can read a more detailed overview and find links to details in this Microsoft blog post.
Security Is No Longer a Joke
Back in Microsoft's evil empire days, I was working at a major research university supporting research scientists and PhD students using Windows, Unix, Linux and MacOS. Guess which OS had the worst reputation for security? You guessed it, Windows! Regular fights broke out over what should be the standard antivirus package. However, this is also old news.
Not only has Microsoft taken security seriously for a long time now, but that security extends from its desktop and server operating systems to its cloud environments. The previously catchy title of Microsoft Cloud Application Security Broker (MCAS) has been replaced by Microsoft Defender for Cloud Apps, but it’s still a good solid cloud access security broker (CASB) that helps to protect your applications and data. A CASB acts as a real-time gatekeeper to broker access between your users and the cloud resources they are allowed to use. MS Defender for Cloud Apps allows you to discover and control the use of shadow IT (unofficial, often consumer grade applications), and to protect sensitive information. By detecting unusual behavior, it identifies ransomware and other rogue apps, alerting your InfoSec team to potential threats.
The next level in Microsoft’s cloud security architecture is Sentinel. Sentinel is its security, information and event management (SIEM) solution, but it also has a security orchestration, automation and response (SOAR) capability. We sure love our acronyms in IT.
But what do these acronyms really mean? Well according to Microsoft, Sentinel will:
- Collect data at massive cloud scales from users, devices, apps and infrastructure components.
- Detect previously undetected threats.
- Use AI to investigate threats and hunt for suspicious activities among all that collected data.
- Respond to threats and security incidents with its build in orchestration capabilities.
So, between Defender for Cloud Apps, Sentinel and all the other Microsoft security and governance capabilities, you have an extremely solid foundation. But last week, Microsoft upped the game another notch, with the announcement of Microsoft Cloud for Sovereignty.
Related Article: Microsoft Build: 5 Digital Workplace Related Announcements
What Is Data Sovereignty and Why Is It Important?
Wikipedia has a detailed page on data sovereignty so we can quote the pithy one sentence explanation:
“Data sovereignty is the idea that data are subject to the laws and governance structures within the nation it is collected.”
The Evolution of Employee Recognition
Leveraging the power of appreciation to improve the employee experience
How to Build a More Innovative and Resilient Workplace Culture
What would happen if every member of your team came to work focused on finding solutions and creating better results?
3 Secrets to Accelerating Transformation to Improve CX + EX
Learn about force multipliers that will reduce technical debt and grow revenue while reducing costs
Why Knowledge Management Is Critical to Business Resiliency
How Organizations are Future-Proofing Business by Harnessing Company and Employee Knowledge
What this means in practice is countries may have laws which state data collected in that country or data about their citizens must remain in the country. Such laws often pose problems for globally scaled cloud computing providers, and result in options like customers being able to encrypt their data with their own keys (customer managed encryption also known as “bring your own key”) to ensure its security, and the ability to configure where data is stored at rest.
One of the major announcements from Inspire was the release of Microsoft Cloud for Sovereignty, a new solution aimed at helping public sector customers meet their national policy, compliance and security requirements.
This new offering will be built on Microsoft’s public cloud, but will ensure that internal development and management practices are transparent and compliant with local laws. Of course with Azure data centers all over the world providing over 60 "cloud regions," Microsoft already has a good start on providing local storage to ensure data residency requirements for specific countries or political entities such as the EU. Microsoft Cloud for Sovereignty builds on this by adding capabilities for encryption and other governance functionality including encrypted memory technology called Trusted Execution Environments (TEE), and Hardware Security Modules (HSM) that prevent malicious users from tampering with encryption keys.
Related Article: End of Year Incidents Remind Us of Our Corporate IT Vulnerabilities
Microsoft's Unique Corporate Journey
Let's go back to the partner announcements: Microsoft stated that Microsoft Cloud for Sovereignty is "being designed as a partner-led, partner-first solution." You can appreciate how this would be the best approach, with specialist partners around the world that have deep understanding of the local laws and regulations in that particular jurisdiction, and expertise in helping corporations work within them.
When I realize how old I am and how long I have been playing with computers — from building networks on Windows for Workgroups, to Windows NT and implementing Windows 2000 Server, and the excitement of the first SharePoint, before getting to the point where I could hire other people to build the servers and systems — Microsoft’s journey has been nothing but amazing. From the Evil Empire that we believed didn’t understand or take security seriously, who wanted to quash open standards, and to buy out and then phase out partners products, to where it is today, it's a unique corporate journey. I can say with certainty that I much prefer the Microsoft that “works better together” with its partners, and puts some serious funding, research and effort into information security and information governance.
And to finish on a high, so to speak, check out Azure Space (literally interplanetary cloud ops!).
About the Author
Jed Cawthorne is principal product manager at NetDocuments. He is involved in product innovation and product management and working with customers to make NetDocuments phenomenally successful products even more so.