Last Updated: 4th December, 2019
End To End Security and Artificial Intelligence (AI): Microsoft hosted their annual flagship Ignite conference in Orlando, Florida, in early November. The event attracted over 30,000 attendees and consists of over 1800 sessions across a wide range of topics such as DevOps, coding, identity, End to End Security and AI and many product deep dives.
Among the headlines, the main trends and talking points were on technical advancements, End to End Security and AI additions and company strategies.
End To End Security and Artificial Intelligence (AI): Tech Intensity
The theme of “Tech Intensity” consists of the Microsoft formula of Tech Adoption x Tech Capability ^ Trust. As their driver is “to make every company a tech company” this means an organization must be able to adopt technology quickly – either using off the shelf products or by creating your own.
You also need to have the capability to handle that technology adoption – whether that is through internal development teams who can utilize the latest features, or by being able to support and operationalizing it, all in the context that your business/organization trusts in your ability to deliver.
Being a technology company, their focus is naturally on technology to drive change. I do wonder if the drive is to help change businesses, then maybe we should widen the definition and amend the formula slightly: Tech intensity = ((Tech Adoption x Tech Capability) + (Business Change Capability)) ^ Trust
We doubt Satya will copy this, but if he does you saw it first here.
End To End Security and Artificial Intelligence (AI): Security Announcements
End to End Security and AI was a huge topic all week, after Microsoft spent over $1 Billion on security last year. In recent years they have invested heavily in this area, and this is evident in their end-to-end security architecture across their ecosystem of products (Identity, Device Management, Digital Rights Management, Data, Applications).
A number of their products are industry leading in Gartner top right quadrant:
- Microsoft Cloud App Security their Cloud Access Security Broker (CASB) product
- Windows Defender ATP in Endpoint Protection
- Identity Access Management Solution (Active Directory, Azure Active Directory)
- Meeting Solutions (Skype & MS Teams)
- Information Archiving
The SIEM function is fully integrated with a wide number of Microsoft products and they offer free Office 365 data ingestion (it is not quite free, as you do need to pay for log storage and probably other costs).
They also allow a number of third-party connectors to well-known vendors like Cisco, Palo Alto, AWS, F5 Networks, so you can get data from other products. This looks like a direct competitor to the companies such as Splunk, ArcSight and Log Rhythm.
It also acts as a SOAR (Security Orchestration, Automation and Response) and this is where things get interesting. In one of the workshops, we attended they used products like Power Automate (previously Flow) to automatically block IP addresses and domain names on the Palo Alto Firewall.
They also showed the integrations between Windows Defender ATP and Azure Sentinel. This is not new in the industry with McAfee’s Open DXL platform and Splunk’s Phantom product to name others.
This does have some great potential and definitely one to watch going forward, because of its high integrated nature across the Microsoft product stack.
Also worth mentioning is the Microsoft Intelligent Security Graph, the API service allows you to access the data in your environment and build your own custom reports/dashboards on any End to End Security and AI events in the environment. Especially how they are integrating it with their reporting tool PowerBI.
Another notable product was Azure Arc. This is designed to extend, manage and End to End Security and AI from the Azure cloud management console across servers (Windows and Linux), multiple clouds, containers, databases and other resources all in a consistent manner.
One of the current challenges for staff is the management across multiple clouds. The key aim of this is to simplify that management by controlling it all from the Azure console. Giving the ability to define role-based access to resources in the Azure Portal and assign that to devices/infrastructure running in other clouds or on the premise.
This could potentially be a big win for operations teams struggling with End to End Security and AI and compliance.
End To End Security and Artificial Intelligence (AI): Democratizing AI and Empowering Users
One of the key themes was the concept of making Artificial Intelligence (AI) simple and accessible to all users and empowering them to create products. There were a number of sessions that gave examples of using AI with the cognitive services like form recognition and using their Power Platform, which allows users to create custom applications and then perform triggers between them – empowering the business user to create their own workflows and products applying AI to them.
This is great, but also creates a shadow IT support headache: if a user has created a solution that becomes key to the business and support are unaware – in the event that it breaks, while they are on holiday, or the user leaves and the call comes into the helpdesk – both sides will be stuck.
This is a difficult one to manage because you do not want to stifle innovation, but equally need the support structure in place hence their concept of Tech Intensity.
End To End Security and Artificial Intelligence (AI): Microsoft Project Cortex
If you are an Office 365 user, Microsoft are automatically applying AI to enhance your experience. You may have seen services like MyAnalytics sending you reports. The aim is to help your organization work smarter.
The immediate question that sprang to mind for many was around the privacy of company data. During the presentation they repeatedly promised that your data stays your data, and they do not use it for anything else.
One of the examples given was where Bing searches both your internal data and then external results: If there is an acronym or project name used in an email it can automatically build a knowledge base of those, provide the names of the individuals who are most likely to know about that term and suggest documents to read.
Care and attention will be needed here as this is rolled out. Sensitive internal projects, keywords or team members could be easily searched for if the correct permissions have not been applied.
For those of us who previously viewed Microsoft’s End to End Security and AI products with caution, there is a definite concerted effort to reverse that and increase their brand reputation and product capabilities.
Their strategy to integrate all of their products looks like it is having definite commercial and end user advantages.
Centralized logging and monitoring, ease of automation, integration of AI – all with an End to End Security and AI backdrop shows how the individual project teams seem to be coming together. It is clear that End to End Security and AI is a major focus and that can only be good for us as consumers.