Microsoft’s bid to prioritize security amongst its products and services takes a new turn with the company now mandating employees demonstrate tangible core security improvements in their projects or purview.
An internal memo issued by Microsoft chief people officer, Kathleen Hogan details the two-part security focused employee mandate that’s broken into common and core elements of accountability in regards to future performance reviews.
Going forward, managers and executives will make use of Microsoft’s Connect performance tool to track and review security deliverables from the various departments and company employees.
Our new Security Core Priority reinforces our commitment to security and holds us accountable for building secure products and services. It is now available in the Connect tool for most employees, and we are partnering with geo HR teams to expand access to all employees globally. The Security Core Priority is not a check-the-box compliance exercise; it is a way for every employee and manager to commit to—and be accountable for—prioritizing security, and a way for us to codify your contributions and to recognize you for your impact. We all must act with a security-first mindset, speak up, and proactively look for opportunities to ensure security in everything we do.
Kathleen Hogan
Furthermore, Hogan breaks down the two core components of evaluation employees are tasked with delivering that include a core and common element. The Core priority involves employees’ whose projects deal with technical expertise, customer or partner-facing interactions while the common elements look to be based on specific teams, organization and internal security efforts.
Microsoft has been the punching bag of both cybercriminals and the cybersecurity experts for a bit of time now, with several high-profile digital threats associated with products and services causing enough headaches that Congress stepped into question the company’s oversite and mishandling of events.
Back in May of this year, CEO Satya Nadella issued a vaguer security-focused proclamation to employees, but since his internal memo was published, the company has made moves to follow up on its security-first mindset. Microsoft has deprecated the older authentication methods used for its Exchange mail clients across the web, forcing users to engage with Modern Authentication and as a result, breaking its compatibility with third party email clients such as Apple Mail, Thunderbird, and even its own older Outlook app.
Over twenty years ago, former Microsoft CEO Bill Gates called for a similar reorientation of the company’s focus to be centered on security, and for a time, Microsoft was among the most trusted brands in that regard.
In the age of ever sophisticated malware, constant cyberthreats, and vulnerable legacy software compatibility, it’s going to be interesting to see if Microsoft can regain a similar level security competence it once held.
