In the mid 2000s, Microsoft’s security reputation was so bad that Apple parodied it as part of its famous “Get a Mac” commercials.
“You okay?” a casually dressed Justin Long, representing a Mac, asked a sneezing, suited PC stand-in John Hodgman in one spot.
“No, I’m not okay. I have that virus that’s going around,” Hodgman responded. In another, Hodgman’s character hides inside a biohazard suit.
But in recent years, Microsoft has worked to clean up its act. And now it’s the latest big tech company to make security a part of its advertising pitch – just as Apple is eyeing the enterprise market.
Speaking at a Microsoft Government Forum in Washington on Tuesday, Microsoft chief executive Satya Nadella called cyber-security one of the most “pressing issues of our time” and laid out a set of privacy and security commitments from the company.
“Trust is at the core” of Microsoft’s mission, he said: “When it comes to privacy, we will ensure your data is private and under your control. When it comes to compliance, we will manage your data in accordance with the law of the land. We will also be transparent about both the collection of data and usage of data. And, lastly, we will ensure that all of your data is secure.”
Experts generally say that Microsoft has taken security more seriously in recent years and is willing to partner with independent researchers who uncover flaws in their products. In fact, the company now runs one of the more sophisticated bug bounty programs in the industry, a system that pays rewards to third-party researchers who discover problems and work with the company to fix them.
“Fifteen years ago, friends were receiving cease and desist letters from Microsoft [trying to silence independent security research]. Now they’re giving out six-figure bounties for helping fix major security flaws,” said Josh Corman, the chief technology officer at software company Sonatype and one of the founders of I am the Cavalry, a group focused on improving the security of tech with physical safety risks.
Microsoft’s journey shows that companies can go from being highly combative with the larger security research community to highly collaborative, a shift that is good for both users and stockholders, Corman argued.
Waves of data breaches have shaken almost every sector of the economy in recent years, rattling consumers. And especially in the aftermath of Edward Snowden’s revelations about the extent of the government’s digital surveillance capabilities, companies like Facebook and Google have touted upgrades to their security infrastructure.
Earlier this month, Nadella announced that the company would start using German data centers next year, allowing German customer data to stay inside the country and making it potentially harder for US intelligence agencies to access it due to strict German privacy laws.
But perhaps none have gone as far to assure users about their commitment to privacy and security as Apple. Last year, the company automatically rolled out strong forms of encryption that Apple itself is unable to unlock to iOS users – a feature that has put it at odds with some senior law enforcement and intelligence officials.
Earlier this year, Apple updated the privacy language on its Web site. The company made the case for the importance of encryption, the security tool that scrambles up data to protect it from prying eyes, and spelled out what the company does to protect users’ privacy and security.
As Apple has positioned itself as a privacy leader under chief executive Tim Cook, it has also set itself up to compete in the lucrative enterprise market – a space long dominated by Microsoft’s Windows ecosystem. Earlier this month, the company launched the iPad Pro, a supersized version of its tablet that is being explicitly marketed to professionals and businesses. And last year, the company announced a partnership with IBM to “transform enterprise mobility through a new class of business apps.”
Microsoft’s most recent enterprise products, like its Office Suite, rely heavily on a software model tied to cloud storage. But to compete in the increasingly crowded cloud computing market, the company will need customers to trust that it can fend off what Nadella called a “constant” barrage of cyberthreats.
Essentially, Microsoft’s plan is to use security as a marketing strategy. “It’s clear that you have to be seen as an honest broker to compete,” said Corman. “And talking about privacy and security is becoming a requirement for gaining public trust.”