Why Microsoft’s insistence on acceleration should be treated with caution

Back in April, Microsoft CEO Satya Nadella claimed that the company had seen “2 years of digital transformation in 2 months” as a result of the Coronavirus pandemic. Although the statement might seem somewhat hyperbolic, looking back from our current place in time, it’s difficult to dispute that we’ve all been caught up in a wave of tremendous and rapid change.

Data published in August by Microsoft would appear to back up Nadella’s earlier assertion. Based on a survey of 800 businesses in the US, UK, Germany, and India, the results, Microsoft claim, highlights that the pandemic is “accelerating the transformation of cybersecurity.”

Much of the data clearly indicates that this could be true. Particularly telling is the increase in spending on cyber security: 58% of respondents increased security budgets, while 81% said they have plans to add to security staff. While it remains to be seen whether that actually happens, it’s nevertheless significant that despite the uncertain economic situation with redundancies across the global economy, cyber security could well be an area that’s set for growth.

image via Microsoft

The impact of the pandemic on the tech industry — and cyber security in particular — is something we’ve been thinking about a lot at Macrium. Just a few months ago we suggested that the tightening of IT budgets would mean a back to basics approach would become essential. However, if the data in Microsoft’s survey is indicative of a wider trend, then perhaps it’s not so much a case of back to basics, but of accelerating change.

However, while Microsoft’s breathless enthusiasm for this acceleration is understandable in these dour times, it certainly needs some caveats and caution. Digital transformation can be immensely powerful and valuable to organizations that approach it properly, but it can also lead to new challenges and security risks.

And, moreover — let’s not beat about the proverbial bush — it’s in Microsoft’s interests to present a vision of an industry moving at breakneck speed. And whatever its merits, tech professionals, and in particular those making decisions still need to be sensitive to their own needs, not what a major vendor thinks they need.

What did Microsoft’s Coronavirus survey results show?

There are plenty of interesting insights that come out of the survey. For example, multi-factor authentication emerged as the top cybersecurity investment made during the pandemic.

From a geographic perspective there were some interesting stories too. in the US, for example, endpoint device protection came out on top, while in India it was anti-phishing tools, perhaps indicating the ways IT manifests itself in different ways around the world.

Data via Microsoft

Meanwhile, although the growth in cybersecurity is certainly impressive, it’s worth noting that this was split between hiring new staff and outsourcing to freelancers and agencies. This hints that there’s still a feeling of caution across many organizations. They need the personnel, but they don’t want to risk an expanding team.

Data via Microsoft

The implications of the survey results… according to Microsoft

Microsoft argues that there are 5 key elements to the changes captured in its survey.

• Increasing digital empathy — “Companies were reminded that security technology is fundamentally about improving productivity and collaboration through inclusive end-user experiences.”
• Increased adoption of zero trust networks — 94% of survey respondents said they were “in the process of deploying new Zero Trust capabilities to some extent.”
• Improved threat intelligence
• The importance of cyber resilience (something we’ve covered here)
• The importance of cloud in modern cyber security

Undoubtedly the turn to digital empathy and a focus on end users is something to be celebrated and even encouraged. Similarly, the emergence of cyber resilience as a more holistic and ultimately beneficial paradigm for securing data, systems, and software will be valuable for the future.

Approach with caution

However, it’s important to treat the other points with some caution. While Zero Trust networks, for example, are likely to be immensely beneficial to many organizations (it’s hard to dispute the claim that “Zero Trust architecture will eventually become the industry standard), they won’t be right for every organization out there.

Microsoft claims that “every organization is on a zero trust journey” — and yes, that might be true, but every organization is at very different points on that journey. When you take into account that the companies responding to the survey all have at least 500 employees, the perspective of much smaller businesses is sorely lacking here.

Furthermore, Microsoft’s emphasis on the improvements to threat intelligence and the importance of cloud is arguably overstating the technological needs of many businesses. Indeed, there’s a focus on complex and sophisticated infrastructure here that might be alienating to smaller companies. This isn’t to say that the benefits of cloud and ‘data diversity’ aren’t significant, but rather that these benefits are tacitly encouraging businesses to think in a way that simply might not be right for them.

If it’s appropriate, on-prem infrastructure is perfectly fine — there’s no need to worry about additional sophistication just because Microsoft said you should.

Conclusion: Start with the basics

With all this in mind, the ‘back to basics’ approach remains valid. While it would seem that rapid acceleration is necessary and, indeed, possible for many medium sized and larger organizations, this should only be done with robust foundations in place.

In a nutshell, that’s what good cyber resilience is all about.

Macrium is an important piece of the cyber resilience puzzle for many businesses around the world. Learn how Macrium can help you with its range of backup products.