Canadian Cyber Security Journal
Filed under: News

Microsoft is slowly but surely laying the groundwork to make security its secret weapon in the cloud wars with Amazon

  • Microsoft hired longtime Amazon Web Services exec Charlie Bell to run a new security organization.
  • This coincides with the company’s large spending on developing security products in recent years.
  • Insiders say security is a big chance for Microsoft to shore up its reputation and upsell customers.Microsoft’s hiring of Charlie Bell has made waves through the cloud industry, as the longtime Amazon Web Services executive unexpectedly joined his now-former employer’s fiercest competitor. Bell is expected to lead a newly-formed engineering organization at Microsoft, focused on security, compliance, identity and management.Now, some Microsoft partners say that being able to bring on Bell wasn’t only a PR coup — it puts Microsoft in a position to make cybersecurity a core piece of its cloud strategy, and something of a secret weapon against AWS.

    “Someone with that industry profile sends a big signal,” says Paul Robichaux, senior director of product management at Quest Software, a large IT solutions provider that works across major clouds. Robichaux likens Bell’s move to Kai-Fu Lee leaving Google China, which cratered the company’s ambitions in the region, or former Azure marketing head Julia White leaving Microsoft for SAP.

    In a reputational sense, hiring Bell shows that Microsoft is taking cybersecurity seriously, which comes after its role in the SolarWinds hack and its aftermath raised eyebrows across the industry.

    But the renewed focus is also a savvy business move, partners say: It gives Microsoft more leverage to assure customers that it can protect them from their top fear in using the cloud — namely, security breaches — while also allowing it to upsell those customers on security features.

    “We still live in a world where it’s cool to spell Microsoft with a dollar sign and talk about how their security is crap, but the reality is they have invested probably more in their security across all their platforms than anybody. And that’s a very strong signal about what they think their priorities are,” Robichaux said.

    Indeed, Microsoft has invested heavily in cybersecurity in recent years, to the tune of $1 billion per year. That investment appears set to accelerate: In August, Microsoft pledged to spend $20 billion over the next five years developing cybersecurity products, even as its CEO Satya Nadella met with President Joe Biden to discuss the importance of protecting America’s technology infrastructure.

    The company’s big push has already borne fruit, including with the launch flagship products like Azure Sentinel, which can identify and respond to threats in the cloud, as well as also products bundled with Office 365 productivity tools like Microsoft Defender for Endpoint, which helps protect enterprise employees using company software from ransomware attacks.

    The partners say that Bell is the right leader to take it to the next level, signalling to customers and competitors alike that it’s investing in its cybersecurity product line.

    “Bell has proven that he can build, pitch, sell the value prop, and get usage from a security line item,” says Adam Mansfield, practice lead at UpperEdge, a consulting firm specializing in the negotiation of IT contracts. “That’s not a coincidence.”

    Mansfeld also notes that Microsoft announced an increase in Office 365 pricing, which will take effect in March 2022. Prices for the lower-tier offerings which lacked some security features were raised by the highest percentage, up to 25%, while the security-studded higher tiers will only see a 9% to 10% increase. Mansfield sees this, coupled with billions in security investments and the hiring of a world-class cloud executive like Bell, as the tools for Microsoft to make a stronger argument for its security products.

    A focus on selling security products bundled with Office 365, like Defender for Endpoint, allows Microsoft to also siphon off IT spend from more niche vendors like CrowdStrike, says Tony Velleca, CEO of CyberProof and chief information security officer of its parent company UST, which builds security tools on top of Microsoft products and is part of the Microsoft Intelligent Security Association.

    He says that Microsoft’s pricing and emphasis on endpoint protection tools signals that it’s especially interested in competing with CrowdStrike, which has gained momentum during the COVID-19 pandemic as distributed workforces to protect workers from threats like ransomware.

    But as much investment as Microsoft is making, Velleca still sees the company in a phase of launching new security products and learning how they fit into the market.

    “There’s a huge learning curve on Microsoft saying, ‘how do I price it? How do I even benchmark it against competition?'” Velleca said. “The majority of the emphasis right now is figuring that problem out.”

Enjoy this article? Don’t forget to share.