Skip to main content
close search
site logo
Dive Brief

Microsoft’s CISO on why cloud matters for security response

Cloud can give companies insight into current and future threats as the landscape grows more complex, said Bret Arsenault.

Published Sept. 29, 2022
Roberto Torres's headshot
Editor
Microsoft logo on buidling
Microsoft plans to save big by extending cloud server life, reducing capital expenditures. Drew Angerer / Staff via Getty Images
This audio is auto-generated. Please let us know if you have feedback.

Dive Brief:

  • Microsoft CVP and CISO Bret Arsenault said cloud is a key component of cybersecurity defense amid a climate of increasing identity-based attacks, speaking Wednesday during a Washington Post Live event.
  • Microsoft analysis shows a 60% increase in password-based attacks, Arsenault said. Password attacks went from 600 per second last year to 920 in 2022, according to Arsenault.
  • "You want to be able to have a signal that helps you see, predict and protect you from those kinds of situations," said Arsenault. "That honestly can really only be done at cloud scale."

Dive Insight:

Consider the threat landscape an organization must grapple with today. From insider threats to remote ransomware attacks or supply chain software compromises, the watchword is: trust no one.

No organization is immune to attacks, especially as sophisticated actors target the authentication process. A recent text-message phishing campaign dubbed Oktapus or Scatter Swine compromised almost 10,000 user credentials across 136 organizations.

The pervasiveness of identity-based attacks led Microsoft to begin a journey toward a passwordless environment that is years in the making. 

"Instead of saying 2FA everywhere, which meant having a smart card or some other component, we said: what if we could just get rid of passwords? And that became a design change principle for the way we did things," said Arsenault.

Having the power of the cloud to detect, track and respond to threats has been a key component to cyber defense at Microsoft, he said.

"The ability to have signal and then to act on that signal, and I see it repeatedly in our environment, is really changing the game for us," said Arsenault.

Arsenault depicted a "brilliant basics" model to fending off attackers:

  • Make sure you have multifactor authentication
  • Only allow access from certifiably healthy devices
  • Ensure you're collecting the telemetry that lets you look for and/or detect anomalies as they happen at cloud-scale.

Organizations thinking through their security posture see the cloud as both an enabler and a risk factor, research shows. 

Three in five companies believe cloud leads to faster and more flexible threat response, but the same proportion says cyber concerns constitute an obstacle to, and a reason, for cloud adoption, according to a report from Presidio

Cloud implementations are an attractive target for malicious actors. 

More than 4 in 5 companies report they've had a cloud-related security incident in the last 12 months, Venafi data shows. Nearly half of companies say they've had at least four incidents over the same period. 

Filed Under: Cloud, Security

Editors' picks

Company Announcements

View all | Post a press release
Graphiant Predicts Transformative Changes in Enterprise Connectivity and Data Assurance for 20…
From Graphiant
November 20, 2024
Legion Technologies Partners with Vail Resorts to Expand Workforce Management Across 37 Resort…
From Legion Technologies
November 19, 2024
Viz.ai Wins Prestigious Prix Galien USA Award for Best Digital Health Solution
From Viz.ai
November 12, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Editors' picks
Latest in Cloud
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell