This story is available exclusively to Business Insider subscribers.
Become an Insider and start reading now.
- With a new cybersecurity marketing VP and data from 800 global companies, Microsoft is making its case as an all-in-one solution for hybrid workforces.
- The company says it can simplify clients’ cybersecurity stacks through coworking tools, cloud computing, and its zero trust model — even for firms on a tight budget.
- Analysts say Microsoft is on-target with zero trust: The approach continually authenticates users with multi-factor authentication.
- But the company can’t expect to sell an integrated solution to companies that are already invested in a variety of tools, analysts say, which means that how well it works with other companies may be its biggest test.
- Visit Business Insider’s homepage for more stories.
Microsoft began the coronavirus crisis by stepping up as a cybersecurity leader with new, integrated approaches to cloud cybersecurity. Now, as remote work is being extended for many companies, the software giant is doubling-down, making the case that it can address coworking, cloud computing, and cybersecurity needs simply and cheaply for a hybrid workforce.
“Our customers are in many ways looking for an ‘easy button,'” says Vasu Jakkal, who joined the company two months ago from renowned cybersecurity company FireEye to lead Microsoft’s security, compliance, and identity marketing teams.
Microsoft is making a play for the hybrid workforce that has both security challenges and budget constraints with what Jakkal describes as its “integrated portfolio” of Microsoft 365 collaboration tools, Azure cloud computer products, and its security protection tools. That all-in-one combination will be welcome in an industry that is “so fragmented,” Jakkal said: “There are so many companies in security and so many types of security that it’s hard for a customer to understand.”
Analysts agree that Microsoft can be a central player and evangelize its “zero trust” cybersecurity approach – but say the company must prove it can integrate better with other companies if it wants to dominate.
For example, principal analyst at Constellation Research, Liz Miller, says Microsoft’s big-box approach presumes that potential customers can — or will — start from scratch technologically.
“Very few – if any – companies are starting from a blank slate,” Miller says. Cybersecurity pros “are over-tooled and over-burdened. So the next phase in Microsoft’s evolution will need to be how to connect these disconnected systems into their overarching solution.”
Microsoft is vying for companies on a budget and boosting its ‘zero trust’ approach
A key aspect of Microsoft’s play is that it says it can provide connected services with fewer issues and at a lower cost, which is something that companies in a struggling economy may embrace.
Its recent survey of nearly 800 business leaders of companies of more than 500 employees in India, Germany, the United Kingdom, and the US found that firms are emphasizing security, re-committing to remote work tools and cloud computing, and looking to cut costs as the economy falters. So after months of taking cybersecurity leadership roles that were not based on profits, the timing is good for the world’s largest software company to make its play, some analysts say.
“Microsoft recognizes that the cloud provides economies of scale that will be critical for most businesses that are trying to increase their cybersecurity efforts while concurrently managing budget constraints,” says Daniel Newman, principal analyst of Futurum Research. “Azure and Microsoft 365 offer a fertile ground for the company to expand its offerings and the strength of its reputation in the cybersecurity space.”
The company’s size and immense resources allow it to make this play, Newman says – and it may have been inevitable, he believes. “With its massive user base, continued strength and improvement of its overall reputation, and the technological challenges being driven by the fallout of the pandemic, it doesn’t only make sense for Microsoft to insert itself further into cybersecurity, but rather is an imperative to deliver for its customers, which depend on Microsoft to secure their data and their users.”
As remote work evolves into a long-term hybrid workforce, Microsoft is also placing a big bet on the “zero trust” philosophy it turned to in March. The company killed off passwords among its workforce and integrated the continual authentication process that gives the strategy its name: Everyone is repeatedly verified because no one, even on company networks, is trusted.
Microsoft is sticking with the zero trust approach long-term, Jakkal says: “Zero trust: That’s absolutely the framework we believe in,” she said. “Verify everything, starting with identity. That is a leadership position for Microsoft, and an investment that we have made.”
The zero trust approach is a winner, analysts say. “Microsoft has a compelling vision for the future,” says Christopher Sherman, an analyst at Forrester Research. “Few vendors are able to match their level of integration between data security, vulnerability management, device configuration, and threat response capabilities. Each of these layers provides context into their risk analysis that feeds into the overall zero trust strategy and would be incredibly difficult for security teams to correlate and automate on their own.”
But analysts still have their doubts
In order for Microsoft to succeed, though, it can’t pretend it exists in a vacuum.
“Should Microsoft be the all-in-one security solution for the entire enterprise?” says Constellation Research’s Miller. “My answer would be no.”
And it will have to do more than just make room at the table for other companies, Forrester’s Sherman said. It will have to work closely with them – including those that compete with its play for one integrated solution.
“Its integration partner network is small,” Sherman said. While that’s changing, he acknowleged, “Management complexities still come up frequently in customer conversations. These will need to be addressed in the future if Microsoft is to succeed.”
And even though Microsoft has urged that it wants to “partner with everyone,” some in cybersecurity are not content to be satellites to Microsoft’s home base.
In June, four medium-sized, cloud-based cybersecurity companies – Okta, CrowdStrike, Netskope, and Proofpoint – announced they have formed an “alliance” to combine their integrated services to take on heavyweights like Microsoft and McAfee.
The companies say they are each the “best in breed” of their areas of expertise, and IT consulting firm Gartner has bequeathed each as a leader – if nottheleader – in its area.
As distributed workforces continue into the fall, Microsoft may be at the center of a new place in cybersecurity – but it may be the glue that pulls things together, rather than an all-in-one solution.
“Should Microsoft be on the consideration list for the foundation on which a security posture can be built?” Constellation’s Miller asked. “Yes. Without question.”