Risk & Repeat: Inside the Microsoft SFI progress report

The first Secure Future Initiative progress report highlighted improvements to Microsoft's security posture, but the company still faces major SecOps challenges.

Microsoft last week released the first progress report for its Secure Future Initiative, which outlined several changes the tech giant has made to its security posture this year.

Microsoft's SFI was launched last November and further expanded this spring following a scathing report from the Department of Homeland Security's Cyber Safety Review Board (CSRB). The CSRB report slammed Microsoft for numerous security failures that allowed a Chinese nation-state threat group known as Storm-0558 to breach the company and gain access to email accounts of 22 customer organizations, including several federal agencies.

The SFI progress report highlighted changes Microsoft made to bolster security around its engineering systems, employee identities, tenants and production systems. Some of the achievements Microsoft listed included the elimination of 730,000 unused apps and 5.75 million inactive tenants, as well as 85% of production build pipelines for Microsoft cloud services shifting to centrally governed pipeline templates.

But will the changes be enough to prevent a repeat of the Storm-0558 attack? How much technical debt is Microsoft facing in its effort to improve security? And what does the SFI progress report say about the current state of SecOps? TechTarget editors Rob Wright and Beth Pariseau discuss those questions and more on this episode of the Risk & Repeat podcast.

Subscribe to Risk & Repeat on Apple Podcasts.

Rob Wright is a longtime reporter and senior news director for TechTarget Editorial's security team. He drives breaking infosec news and trends coverage. Have a tip? Email him.
