Has Microsoft Really Rebuilt its Security Cred?

November 17, 2015, 10:29 PM UTC
Photograph by Richard Morgenstein — Microsoft

Microsoft was once a running joke in the security world because of all the security patches it issued for its products. But CEO Satya Nadella now insists that his company has regained its long-lost credibility in security.

During a nearly hour-long presentation at a conference in Washington, D.C., Nadella and his team outlined how they think Microsoft has dramatically improved security across Windows and its cloud-based platforms Azure and Office 365. Nadella said that delivering on the promise of better security will help customers to “trust” his company, and the Redmond-based technology giant hopes to build that trust around four components.

“When it comes to privacy, we will ensure your data is private and is under your control,” Nadella said on stage. “When it comes to compliance, we will manage your data in accordance with the law of the land. We will also be transparent about both the collection of data and the uses of data. And lastly, we will ensure that all your data is secure.”

While Nadella’s talk focused mainly on security for business customers, it comes at a potentially pivotal moment in the general cybersecurity market. Nadella said that hackers compromised nearly 160 million data records this year in just the top eight data breaches. It takes a company approximately 229 days to detect a data breach, and breaches have cost the world’s economy boatloads of cash.

“The evolution of (data) breaches is beginning to take a turn toward real-world effects on enterprises’ bottom lines and people’s lives,” Trend Micro chief technology officer Raimund Genes said in a statement on Tuesday accompanying his company’s third-quarter “Security Roundup.”

Oddly, Microsoft seems committed to making people believe it’s at the forefront of protecting those companies and people. In the late-1990s and early-2000s, Windows, after all, was one of the world’s biggest security threats. Data breaches were commonplace and viruses and malware ran rampant.

“It was like riding a motorcycle through a tough neighborhood, and that neighborhood was cyberspace,” Tom Kellermann, Trend Micro’s chief cybersecurity officer, told Fortune about Microsoft’s security record. He added that Microsoft, “for years,” viewed security as an “afterthought.” Now, though, Kellermann says everything has changed.

Granted, nearly two years ago, Trend Micro partnered with Microsoft to improve the Office maker’s security across operating systems and the cloud. So it’s not exactly surprising that Kellermann would sing Microsoft’s praises.

“The modern-day Microsoft is a bulletproof [Chevrolet] Suburban with a bodyguard in it,” he says.

So, what has changed? Nadella said that Microsoft spends over $1 billion annually on research and development for improving security in the company’s latest operating system, Windows 10, as well as its cloud-computing platform Azure and online productivity suite Office 365. During his presentation, he said that Microsoft is also using the cloud and big data analytics to upgrade over one billion Windows device each month and inspect over 200 million e-mails for malware.

During a demonstration, Julia White, Microsoft general manager of product marketing for Office, showed how Microsoft is implementing some of its own technologies to improve security. It is also enlisting help from partners including Cisco, Barracuda, and Sophos.

White demonstrated how Windows 7—still the company’s most popular operating system—may not identify malware and safeguard a system. With help from partners and built-in technologies in Windows 10, however, the same malware was identified and blocked during the demonstration. That doesn’t mean, however, that Windows 10 will catch all malware.

Microsoft’s platforms also include a feature that stops hackers from being able to get into one system on a network and jump from that into others. Using Windows Hello, a facial-recognition feature, biometrics can be used to more effectively safeguard the operating system, White said.

Another critical component in Microsoft’s strategy is the establishment of a single operations center, based in Seattle, that houses the company’s top security staff for analyzing global threats in real-time. The so-called Cyber Defense Operations Center relies on big data analytics and looks for “anomalies” that suggest potential malicious intent online. After identifying the threats, Microsoft’s staff tries to respond to defend against the company’s services.

The operations center data “is being used by our products to create security in the products themselves,” Nadella said. “And we share that intelligence broadly with our customers, with our partners.”

Nadella ended his talk by putting a finer point on his belief that Microsoft is tops in security by saying something some may have never thought they’d hear from a Microsoft CEO: “Windows 10 [is] the most secure operating system.”

In a world where OS X and Linux have been known to have fewer malware issues than older Windows versions and Microsoft’s security reputation has been less than stellar for decades, that may be hard to believe. Kellermann wouldn’t go so far as to agree with Nadella, but he indicated that the Microsoft CEO makes a strong argument. He believes the Windows of today is far more secure than the Windows that kicked off this century.

“The latest operating system is 10 times more secure than Windows XP,” Kellermann says. “Literally.”

Sign up for Data Sheet, Fortune’s daily newsletter about the business of technology.

For information on the intersection of privacy and security, check out the following Fortune video:

Read More

Artificial IntelligenceCryptocurrencyMetaverseCybersecurityTech Forward