IGNITE The sound of cyber security professionals spraying their screens with coffee could be heard this week as Microsoft claimed, "security is our top priority," as it talked up its Secure Future Initiative (SFI) once again and explained how Windows could be secured.
In a post that did not mention the word "CrowdStrike" and instead referred to "learnings from the incident we saw in July," Microsoft introduced the "Windows Resiliency Initiative" or, as administrators still in therapy after that particular July incident might describe it, "nailing jelly to a wall."
As well as taking lessons from the CrowdStrike incident, in which millions of Windows devices were left hopelessly broken by a malformed update from a security vendor, Microsoft has said areas of focus include enabling more apps and users to run without administrative privileges, stronger controls for what apps and drivers are allowed to run, and improved identity protection to prevent phishing attacks.
It's all laudable stuff, although much of it feels like it could have happened earlier. SFI is already more than a year old. In September 2024, Microsoft boasted of the 34,000 full-time engineers it had dedicated to SFI. With that many engineers needed, the company should probably take a look at the surface area available for attack.