5 questions for Stephanus Schulte, Microsoft security expert.
How will the security market change? How does Microsoft defend itself against hackers? What makes for successful cloud and AI projects? Stephanus Schulte, Technical Architect Security & Compliance Partner, Microsoft Germany, answers these questions and more on the topic of security.
Stephanus Schulte has been working for Microsoft for 12 years advising Microsoft partners in the security and compliance sectors. Stephanus Schulte has noticed an increase in the need for partner and customer consultation over the past few years: “Digital transformation in the form of cloud and AI projects requires clearly defined goals and good expert advice. Simply putting your head down and getting on with it doesn’t work in this case.”
What do you see as current and future developments in the security market?
What we’re seeing is a strong change in paradigms. The topic of security has changed a lot over the past few years, not because threats or security itself have changed, but because people now work differently. People collaborate more intensively. They are always connected, and they work anywhere and everywhere: home office, airports, on the train or at different branches. And this ultimately changes the way they protect themselves from threats. Firewalls are, of course, still important, but they are no longer effective against today’s threats. We need to protect our identities and information, using the signals we get from various sensors—including the cloud and our identity solutions—to keep ourselves secure. The simplest and most affordable way is with apps. Virtually everyone has a smartphone. So for example, I can receive notifications that I have to confirm via an app that’s managed by IT. This is a secure, alternative mechanism to a password.
Instances of cybercrime are rising and Microsoft is advertising the “most secure Windows ever”. How can you keep this promise?
Windows 10 breaks tradition with the Windows of the past in many ways. This means that we’re doing away with “a new release every three years”—we will instead continue to develop this version and update the operating system in plannable cycles. The challenge we faced in the past in terms of security was that users were unfortunately not showing the consistency or thoroughness we’d like to see in implementing updates and security updates. For this reason, we have taken responsibility and coordinated security and feature updates through us, in the same way as with apps and smartphones. Additionally, it’s a fact that we update the security features of every release, making security a key feature, and meaning we can react much quicker and in new ways to threat situations. This includes multi-factor authentication as one way to log on to Windows. Or even applications that are enclosed outside of the operating system. These are ways that we can react today and they will only multiply as we continue to move forward at a fast pace.
How is Microsoft positioned in terms of cyber defence?
As one of our most actively pursued goals, the topic of cyber defence is certainly not new for Microsoft. We annually invest over a billion dollars in defence against cyber attacks, for our cloud, networks, customers and for ourselves. We have 3,500 employees working solely on this. And I’m not talking about security mechanisms built into our products, but proper defence against attacks.
What guidance can Microsoft provide for achieving successful cloud and AI projects?
When we talk about artificial intelligence, it's important for it to be closely linked with cloud services, because typically it doesn’t make sense in terms of labour and money required to do this in-house. This means it’s very important to have a strategy that you can grow into—I need experts who can advise me exactly on how my step-by-step way into the cloud and into AI projects will look. The challenge here is that we need a business case. Because only to use AI because everyone else seems to be doing it doesn’t make it effective for you—and it's the same with the cloud. You need to have clear objectives and be guided by experts on how to attain them. It won’t work, otherwise.
What security strategies does Microsoft offer for end devices that aren’t Microsoft-based?
Since Satya Nadella became our CEO, Microsoft has changed enormously. We are happy to accept that there is a world outside of Windows. So while we, naturally, secure our own products and services as best as we can, we also do the same for service and applications we offer for other operating systems. No matter whether the application is used on Windows or another OS—security comes first.