Microsoft CEO Satya Nadella: There is ‘a big crisis right now’ for cybersecurity

In this article:

Microsoft (MSFT) is officially a cybersecurity giant. For the first time on Tuesday, Microsoft disclosed revenue from its various security offerings as part of its quarterly earnings — $10 billion over the last 12 months.

That amounts to a 40% year-over-year jump in the growing security business, making up roughly 7% of the company’s total revenue for the previous year.

“We waited in some sense [until] this milestone to show the depth, the breadth, the span of what we are doing,” Microsoft CEO Satya Nadella told Yahoo Finance in an interview on Wednesday, a day after the company released its quarterly earnings report.

“And, you know, [there’s] a lot of work ahead, but we are investing very heavily because guess what? You know 10 years from now we'll still be talking about it as technology becomes even [a deeper part] of our lives in our society in all critical industries.”

The $10 billion figure comes from the security-related revenue generated by services including Microsoft’s Azure Active Directory, Intune, Microsoft Defender for Endpoint, Office 365, Microsoft Cloud App Security, Microsoft Information and Governance, Azure Sentinel, Azure Monitoring, and Azure Information Protection.

FILE - In this May 6, 2019, file photo Microsoft CEO Satya Nadella delivers the keynote address at Build, the company's annual conference for software developers in Seattle. Microsoft says it has detected more than 740 infiltration attempts by nation-state actors in the past year targeting U.S.-based political parties, campaigns and other democracy-focused organizations including think tanks and other non-profits. (AP Photo/Elaine Thompson, File)
In this May 6, 2019, file photo Microsoft CEO Satya Nadella delivers the keynote address at Build, the company's annual conference for software developers in Seattle. AP Photo/Elaine Thompson, File)

Each of those makes up what Microsoft calls its Intelligent Cloud and Productivity and Business Processes segments. Those overarching segments generated $14.6 billion and $13.4 billion in revenue, respectively, in the company’s fiscal Q2 2021.

“What we have built is very helpful in times of crisis and there is a big crisis right now,” Nadella said. “But you need to sort of obviously build all of this over a period of years if not decades and then sustain it through not just product innovation, but also I would say, practice every day.”

The announcement follows Microsoft’s involvement in uncovering the breadth of the massive SolarWinds cyber attack in December, which hit private companies like cybersecurity firm FireEye (FEYE) and government agencies including the Treasury, Commerce, and State Departments, as well as the National Nuclear Security Administration and the Department of Homeland Security.

Microsoft itself was also hacked, though no customer data was breached. A Reuters report indicated that, as part of the hack of the National Telecommunications and Information Agency, Microsoft’s Office 365 software was attacked, allowing the intruders to monitor agency emails for months. Microsoft, however, said at the time that it has identified no vulnerabilities in its cloud or Office software.

Though hit by the attack, Microsoft also worked with the government and customers to help determine the scale of the hack.

“I was most proud that we became the first responders for this attack,” Vasu Jakkal, Microsoft corporate vice president of security, compliance, and identity marketing, told Yahoo Finance.

“We were the defenders that other defenders were turning to. We were working with FireEye and across the public sector and private sector coming together saying ‘What should we do, and how should we protect our world against it?’ ” she said.

WASHINGTON, May 21, 2020 -- Photo taken on May 21, 2020 shows the U.S. Treasury Department building in Washington D.C., the United States. U.S. Treasury Secretary Steven Mnuchin said Thursday that the administration will carefully review the economic situation in the next few weeks, and that he thinks there is a "strong likelihood" the country will need another COVID-19 relief bill. (Photo by Ting Shen/Xinhua via Getty) (Xinhua/ via Getty Images)
The U.S. Treasury Department was one of the victims of the SolarWinds hack. (Image: Xinhua/ via Getty Images)

Part of Microsoft’s ability to respond to the hack has to do with what’s called “zero trust” architecture, Nadella explained. Essentially that means a company’s cybersecurity capabilities always function as though there has been a breach of some kind. It’s a defense against being left flatfooted when a new hack comes along that you’re not able to protect against.

“One of the things about Microsoft’s investment is really not just about the security investment — which is substantial when you look at Defender or Sentinel or Azure Active Directory and the list goes on — but it is that ability to take all of our investments in AI and data and infrastructure and bring it to bear for security,” Nadella said. “And that I think is what makes us pretty unique.”

Working from home adds to companies’ security needs

The SolarWinds hack came as the coronavirus pandemic spurred many companies to allow their employees to work from home, which introduced a new attack vector for hackers. When you’re working from your office, you’re, hopefully, hooked into a secured connection that can monitor for things like malware or other strange network activity.

At home, though, you’re running on your own network, adding a wrinkle to your employer’s ability to protect itself. It wouldn’t take much for you to download malware on your computer at home, then accidentally send that software to your company’s systems when you connect to its network to update a spreadsheet or upload a report.

“Security has to be built in at every single point,” Jakkal said. “It cannot be an afterthought,”

Microsoft says it currently protects more than 400,000 customers across 120 countries, including 90 Fortune 100 companies. The tech giant breaks its security offerings down into four categories: security, compliance, identity, and management.

Part of that includes providing security not just for Microsoft-powered devices, but those running Apple’s (AAPL) iOS and macOS and Google’s (GOOG, GOOGL) Android, as well as products running on competing cloud platforms like Amazon’s (AMZN) Amazon Web Services and Google’s Google Cloud Platform.

“There needs to be a real different approach to creating a cybersecurity solution for customers,” Nadella said.

“In what is an interconnected world it's not about any one point solution, it is about having, I would say, an architectural approach, which then needs to be reinforced every day.”

As cloud services continue to expand, and Microsoft’s stake in the industry grows alongside it, protecting the customers who use those services will prove ever more important.

“It is not just transformation in order for you to remain in business. You need to have that digital control plane, not just for your workers so that they can log on to their PCs from home and be on Teams calls,” Nadella said.

“Your manufacturing plant needs to continue where the engineers, the operational data all need to be reasoned over. That is the transformation that I think we are seeing the acceleration of.”

Of course, hackers and cybercriminals will continue to hit at businesses regardless of what company they have protecting them. But with the continued growth in cloud computing and an expanded work-from-home environment, Microsoft stands to benefit as a player in the cybersecurity industry.

Sign up for Yahoo Finance Tech newsletter

Yahoo Finance Tech
Yahoo Finance Tech

Got a tip? Email Daniel Howley at [email protected] over via encrypted mail at [email protected], and follow him on Twitter at @DanielHowley.

More from Dan:

Follow Yahoo Finance on Twitter, Facebook, Instagram, Flipboard, SmartNews, LinkedIn, YouTube, and reddit.

Advertisement