The front line: Microsoft UK CTO on tackling cyber security

Michael Wignall - Microsoft UK - leads the front line response to cyber security incidents against the UK in his role as CTO The front line: Microsoft UK CTO on tackling cyber security image

Microsoft is a huge player in the cyber security space, although many people don’t realise this. The company invests $1 billion annually in cyber security.

The majority of this investment goes into securing Microsoft’s own systems — which makes sense for an organisation whose systems, such as Office 365, Windows on the desktop and the Azure cloud platform. But, because of their popularity, these systems need to be trusted and secure.

Microsoft, like many multinationals, is a big target for hackers. The security of its platform, therefore, needs to be state-of-the-art. And that’s why there is such large levels of investment in it.

>Read more on The importance of having both ‘technical and business outcome skills’ — Microsoft UK CTO

However, that is not where all the cyber security investment goes. The second area surrounds particular security products or services that Microsoft offers to its customers.

“We deliver a number of capabilities, such as our Advanced Threat Protection products, around mobile device management, which customers use to secure their own estates,” says Michael Wignall, CTO, Microsoft UK. “In that space, we’ve got Microsoft Security Graft, which takes all of the signals and telemetry we have from billions of data points around the world to give us a good view of the threat landscape. We feed that information into the systems to try and proactively mitigate threats as they come up.”

The UK

From a UK perspective, Wignall and his team do a lot of work around making sure the global message of cyber security meets any UK-specific requirements.

For example, the UK’s National Cyber Security Centre has published 14 cloud security principles for cloud providers to evidence how they do things, such as encrypt data at rest and in transit, or provide strong authentication for user access.

>Read more on Cyber security best practice

Accordingly, Wignall and his team have done a lot of work to make sure the controls they put in place on their platforms meet the UK Government’s security principles. This means “we can run workloads that are ‘official’, or official sensitive on our cloud platforms. We’ve done that for Government.”

“If the UK has a particular requirement, which it often does, and it’s quite forward thinking in this space, then that gets fed back into corporate engineering and then built into the product as a whole. So everyone gets the benefit of it.”

Michael Wignall leads Microsoft's response to cyber attacks against the UK and UK-based customers

Michael Wignall leads Microsoft’s response to cyber attacks against the UK and UK-based customers

On the front line

As CTO of Microsoft UK, Wignall and his team are on the front line when there are key cyber incidents in the UK — when things like the WannaCry attack happen on the NHS.

The NHS is a heavy user of Microsoft technology, and so the tech company works very closely with the NHS, its global cyber defence operations and the National Cyber Security Centre to try to mitigate threats that happen specifically in the UK to UK customers.

>Read more on Who is responsible for cyber security in the enterprise?

Wignall does have a National Security Officer in his team, who owns the overall escalation — Stuart Ashton. He orchestrates and liaises and deals with all the interfaces between different parts of the business.

Up-to-date

Making sure systems are up-to-date is essential in mitigating the cyber threat. It was one of the main factors that contributed to severity of WannaCry. From Microsoft’s perspective, there is a need for customers to get off Windows XP or even Windows 7, which is end-of-life next year. Those that use Microsoft should move to Windows 10 and the latest versions.

>Read more on A CTO guide: The main challenges of cyber security

“Don’t use older versions of core technologies, whether it’s desktop operating systems or collaboration systems,” explains Wignall. The shift to cloud with SAS applications, whether they’re Microsoft or others, also requires regular updates or ‘patches’.

“Just make sure that you’re using the latest capabilities in every area and that they’re patched,” says Wignall. “Some of that is not about brand new features; it’s more about vulnerability. They’re going to be in all software, so just make sure those vulnerabilities are closed out before the attackers can take advantage of them.”

Latest news

divider
Emerging Technology & Innovation
Tech Leaders Awards 2018 – winners revealed

Tech Leaders Awards 2018 – winners revealed

18 September 2018 / The event, presented by Information Age and sponsored by Bae Systems, Frank Recruitment, SailPoint and Zena, was [...]

divider
Cloud & Edge Computing
Key enterprise IT markets to shift to the cloud by 2022

Key enterprise IT markets to shift to the cloud by 2022

18 September 2018 / It appears that it’s a critical period for traditional infrastructure providers, as more enterprises shift [...]

divider
Major Contracts
Capgemini launches strategic initiative with AWS

Capgemini launches strategic initiative with AWS

18 September 2018 / With a focus on their European clients, Capgemini and AWS will enhance business insights, agility, security [...]

divider
Software and Applications
Why subscription apps could make or break your mobile business

Why subscription apps could make or break your mobile business

18 September 2018 / A recent study by mobileinsurance.com revealed that the average person spends 90 minutes a day [...]

divider
Business Continuity
Website outages and how to prevent them

Website outages and how to prevent them

17 September 2018 / Unplanned website outages are incredibly frustrating for any organisation. Even the shortest downtime can shatter [...]

divider
Data Storage & Data Lakes
A perfect storm: the environmental impact of data centres

A perfect storm: the environmental impact of data centres

17 September 2018 / It seems there is a perfect storm brewing in the world of data centres. According [...]

divider
Business & Strategy
CTO on our doorstep: David Genn, CTO at Goji

CTO on our doorstep: David Genn, CTO at Goji

17 September 2018 / When the regulator comes knocking, companies had better be ready. So it is with the [...]

divider
Diversity
Number of women studying computer skills falls by a third

Number of women studying computer skills falls by a third

17 September 2018 / It’s hard to argue against how computer skills will be essential for the future. Despite [...]

divider
Smart Cities
Renewable energy storage and the future of smart cities

Renewable energy storage and the future of smart cities

17 September 2018 / ‘Smart cities’ are no longer considered to be just a buzzword; they are a topic [...]

Do NOT follow this link or you will be banned from the site!