What you need to know
- Microsoft is doubling down on its security efforts and will now require every employee to “have security as a Core Priority.”
- The employees’ efforts toward the cause will directly impact promotions, salary raises, and performance bonuses.
- Microsoft had initially rolled out a similar policy that tied a section of top executives’ compensation packages to their security deliverables.
“Security underpins every layer of the tech stack, and it’s our No. 1 priority,” indicated Microsoft CEO Satya Nadella during the company’s earnings report for FY24 Q3. “We are doubling down on this very important work, putting security above all else, before all other features and investments.”
In May, the firm announced its plans to start holding top Microsoft executives accountable for cybersecurity by tying a section of their compensation packages to meeting the set security thresholds. It also promises to expedite its response time when security issues are raised, prompting remediation.
Microsoft is seemingly doubling down on its cybersecurity efforts. In an internal memo seen by The Verge, Microsoft’s chief people officer Kathleen Hogan indicated, “Everyone at Microsoft will have security as a Core Priority.” Microsoft wants its employees to prioritize security across their workflow and to hold themselves accountable.
Similar to the company’s earlier arrangement with top executives, employees’ performance and dedication to the cause will directly impact promotions, salary raises, and performance bonuses. “Delivering impact for the Security Core Priority will be a key input for managers in determining impact and recommending rewards,” added the tech giant in an internal Microsoft FAQ on its new policy.
While Microsoft reportedly disbanded its Diversity, Inclusion, and Equity (DEI) team due to “changing business needs,” the company indicated that it’s still committed to the cause. As it happens, security and diversity are now key elements of performance conversations at the company.
As part of Microsoft’s broader efforts, its employees will need to highlight their contributions toward bolstering security across the company’s tech stack. This could include integrating security into product design processes, ultimately making the end product a “safe haven” for customers.
Microsoft’s priorities are in check
As you may know, the tech giant has been placed under fire for a cascade of security failures, including an attack that allowed hackers to access emails belonging to top Microsoft executives. The US government has also been placed on the spot for its silence over Microsoft’s cybersecurity challenges.
Microsoft’s stronghold in the industry coupled with an overreliance on its cloud business has potentially given the company a free pass for its shortcomings, as the US government often opts to look the other way and continue leveraging its services.
Microsoft’s decision to beef up security across its products and services comes a few weeks after a massive outage caused by a faulty CrowdStrike update that left more than 8.5 million Windows devices with BSoDs. While the issue has been resolved and determined that it was Microsoft’s fault, affected customers like Delta Air Lines could move to court to seek damages from Microsoft and CrowdStrike amounting to over $500 million.
Delta CEO Ed Bastian called Microsoft’s systems “probably the most fragile platform,” while indicating that the airline company may rethink its partnership with Microsoft and CrowdStrike. If Delta decides to seek exceptional services elsewhere, Microsoft could leave a ton of money on the table. However, it has already started taking elaborate measures to prevent the recurrence of such an incident, including restricting security software like CrowdStrike’s Falcon from accessing Windows 11 at a kernel level.