The front line: Microsoft UK CTO on tackling cyber security

Microsoft is a huge player in the cyber security space, although many people don’t realise this. The company invests $1 billion annually in cyber security.

The majority of this investment goes into securing Microsoft’s own systems — which makes sense for an organisation whose systems, such as Office 365, Windows on the desktop and the Azure cloud platform. But, because of their popularity, these systems need to be trusted and secure.

Microsoft, like many multinationals, is a big target for hackers. The security of its platform, therefore, needs to be state-of-the-art. And that’s why there is such large levels of investment in it.

>Read more on The importance of having both ‘technical and business outcome skills’ — Microsoft UK CTO

However, that is not where all the cyber security investment goes. The second area surrounds particular security products or services that Microsoft offers to its customers.

“We deliver a number of capabilities, such as our Advanced Threat Protection products, around mobile device management, which customers use to secure their own estates,” says Michael Wignall, CTO, Microsoft UK. “In that space, we’ve got Microsoft Security Graft, which takes all of the signals and telemetry we have from billions of data points around the world to give us a good view of the threat landscape. We feed that information into the systems to try and proactively mitigate threats as they come up.”

The UK

From a UK perspective, Wignall and his team do a lot of work around making sure the global message of cyber security meets any UK-specific requirements.

For example, the UK’s National Cyber Security Centre has published 14 cloud security principles for cloud providers to evidence how they do things, such as encrypt data at rest and in transit, or provide strong authentication for user access.

>Read more on Cyber security best practice

Accordingly, Wignall and his team have done a lot of work to make sure the controls they put in place on their platforms meet the UK Government’s security principles. This means “we can run workloads that are ‘official’, or official sensitive on our cloud platforms. We’ve done that for Government.”

“If the UK has a particular requirement, which it often does, and it’s quite forward thinking in this space, then that gets fed back into corporate engineering and then built into the product as a whole. So everyone gets the benefit of it.”

Michael Wignall leads Microsoft's response to cyber attacks against the UK and UK-based customers
Michael Wignall leads Microsoft’s response to cyber attacks against the UK and UK-based customers

On the front line

As CTO of Microsoft UK, Wignall and his team are on the front line when there are key cyber incidents in the UK — when things like the WannaCry attack happen on the NHS.

The NHS is a heavy user of Microsoft technology, and so the tech company works very closely with the NHS, its global cyber defence operations and the National Cyber Security Centre to try to mitigate threats that happen specifically in the UK to UK customers.

>Read more on Who is responsible for cyber security in the enterprise?

Wignall does have a National Security Officer in his team, who owns the overall escalation — Stuart Ashton. He orchestrates and liaises and deals with all the interfaces between different parts of the business.


Making sure systems are up-to-date is essential in mitigating the cyber threat. It was one of the main factors that contributed to severity of WannaCry. From Microsoft’s perspective, there is a need for customers to get off Windows XP or even Windows 7, which is end-of-life next year. Those that use Microsoft should move to Windows 10 and the latest versions.

>Read more on A CTO guide: The main challenges of cyber security

“Don’t use older versions of core technologies, whether it’s desktop operating systems or collaboration systems,” explains Wignall. The shift to cloud with SAS applications, whether they’re Microsoft or others, also requires regular updates or ‘patches’.

“Just make sure that you’re using the latest capabilities in every area and that they’re patched,” says Wignall. “Some of that is not about brand new features; it’s more about vulnerability. They’re going to be in all software, so just make sure those vulnerabilities are closed out before the attackers can take advantage of them.”

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...