Microsoft's security infra to drive India on digital path, says official

As India gets on the path towards digitisation, Microsoft with its impeccable threat intelligence capabilities to detect vulnerabilities across devices, Internet of Things (IoT) and Cloud infrastructure is ready to help the country, a top global Microsoft executive said on Friday.

"India serves as a large talent base for Microsoft. A lot of significant components of Microsoft products are manufactured here and the tech giant is committed to the digitisation drive in the country by integrating security at every step of its product development," said Jan Neutze, Director of Cybersecurity Policy for Europe, Middle East and Africa.

Neutze was speaking at one of the sessions during the fifth edition of the Global Conference on Cyber Space (GCCS) here.

According to him, in its push to advance digitisation, India has the opportunity to avoid some of the challenges and mistakes made by others and ensure that security is built into its framework right from the start, rather than sort of bolt it on at the end,

The Cyber Surakshit Bharat initiative, for instance, for which Microsoft is a partner, seeks to build the cybersecurity capacity of the Chief Information Security Officers (CISOs) across the government, by training 1,200 government CISOs.

"We think this initiative has great potential, and we will see if we can replicate it elsewhere in the world," Neutze said on the sidelines of GCCS.

Microsoft has over 3,500 internal security professionals that work on cybersecurity and Cloud security at Microsoft and invests over $1 billion on cybersecurity every year.

"We have a methodology for developing our software securely - what is called our security development lifecycle (SDL) — which is something we established as a mandatory policy in 2004 and have since continued to evolve to a point where it has become an industry-leading standard on how to actually develop software securely.

"We have also taken the learnings from SDL and applied it to how we securely develop our cloud services - a process we call Operational Security Assurance (OSA). Both SDL and OSA have become critical foundations for how we build security into our products and services right from the start," Neutze noted.

According to him, Microsoft has developed several capabilities, including its Digital Crimes Unit (DCU).

"Launched almost a decade ago, DCU opened a global Cybercrime Centre in 2013 and has since established a network of satellite centres, the latest one being our Cyber Security Engagement Centre (CSEC) here in India. These investments are helping us combating cybercrime and advancing cybersecurity in a holistic way," Neutze said.

Microsoft President Brad Smith has called for the Digital Geneva Convention.

"We are talking about three things: Governments need to do more; industry needs to do more; and potentially, together, we can do more on this question of cyber-attack attribution," Neutze added.

Microsoft India this week said its "Cybersecurity Engagement Centre" in New Delhi has reached out to 126 organisations in a year, empowering them with information and techniques to secure critical information infrastructure and help reduce malware and digital risk in the country.

The centre, set up in New Delhi a year ago, is part of a global network of eight such centres.