Microsoft: The Mighty Code and Cloud Creator and the Mighty Cybersecurity Integrator — Healthy or Not?

While much of our training in cybersecurity still focuses on desktops and physical networks, it is in the Cloud that our networks, compute and data infrastructures will be secured. The days of one company doing your network, and another doing your servers, and another doing your data, are gone! They are all just part of building cloud architectures, and it's a new way of building our information systems where security and resilience are not add-ons anymore, but truly integrated into every single component part.

Over the next few years, the whole concept of client-server architectures will fade into the past, as we move to create loosely coupled pieces of code that work on their own, and which are made secure and resilient, and where we can trace every single event to every bit of code that runs. It is creating an integrated machine with loosely coupled pieces of software, and where, in the past, we have created tightly bound pieces of software and hardware, and which perform large tasks. The architecture of the Cloud is not the design architecture of our past.

The days of on-premise infrastructures are receding, and our desktops are just becoming terminals into the cloud — basically we are going back to the 1960s world of mainframe computers. And, it is a whole new world of cybersecurity. If designed correctly, we can build vast infrastructures of logging that can audit virtually every single action taken by virtually every single entity on the infrastructure.

This is a completely different world to our loosely coupled SIEM systems, which hooked on to whatever logs they could get, and then tried to correlate them all together. An Apache Web log is a fairly vague collection of loosely coupled data, and this is used to trace a pin-point in time. A Cloud-based infrastructure can trace a single packet from its origin in an infrastructure to its final action, and all the other actions that it can trigger. It is a completely new world of cybersecurity, where we can have almost instant correlation of events. We now have virtually every event in the machine (through standard machine event logs), and every event outside it (through the detection of events and logging of virtually every part of our infrastructure).

Thus, whoever can capture the Cloud and Cybersecurity, will be the true winners of the future of the Cybersecurity industry — and also (possibly) end up in a monopoly position. And, while Amazon supports the integration of vendors for the security of their Cloud, it is Microsoft who are appearing as the one who could capture the integration of the Cloud and Cybersecurity — and which could create an unhealthy dynamic in the marketplace.

There’s a strange dynamic going on with those companies who create code, and then also have another unit which maintains and fixes code. Some would say that the two should be kept separate, as it gives an unfair advantage. Of course, for good software, a bug creator should also be a bug fixer. And, so, Microsoft is in a difficult space.

While it is laying off staff in more general areas of its business, it is in Cybersecurity that it sees some of its largest growth in income ($20 billion — a 50% increase over the last two years). In fact, Cybersecurity is the largest growth area with Microsoft.

Is this fair? Is this unhealthy? Will it squeeze out vendors who do not have the privileged position of actually creating and maintaining the code? Personally, I think it is unhealthy, and small businesses will struggle to compete with the power of Microsoft. It, too, can capture logs that few other companies can ever dream of (measured around 65 trillion events per day).

In the past, up-and-coming vendors such as Splunk managed to drive the market in order to consolidate their products. Companies thus took their multiple tools from a range of vendors and replaced them with Splunk. It was a classic tale of disruption in the market and displaced IBM and HPE from their leading position. But, now, there are signs that it is a large company in a privileged position that is squeezing out other big and small players. This is perhaps not healthy for the Cybersecurity market, especially for the holy grail of Cybersecurity: The Cloud.

And, so, it is Microsoft and Amazon who are really winning big, as they have both the Cloud and Cybersecurity, and which is the end game for the industry. While Amazon works with companies to improve their cybersecurity — such as integrating encryption by default — Microsoft sees a core market in providing the Cloud and then securing it. Few companies can compete with that force. At present, if a company hasn’t already moved to the Cloud for much of its infrastructure, they are probably considering which horse to back for their cloud integration. And, Microsoft, with its Active Directory and Desktop integration, is a natural choice. For identity and access management, Microsoft is already a market leader, with around one-quarter of all the sales. And, it’s after the SIEM market, too.

And, so, Microsoft writes the code and introduces the bugs, and then fixes them. Isn’t there a case that this link could lead to conflicts of interest, as the more bugs that are introduced, the more business there is to detect and fix them? In a healthy market, the two would perhaps be kept separate. In fact, the majority of serious bugs and zero-day threats that were caused over the past year have been caused by bugs in Microsoft’s software (with most of the zero-day threats).

Conclusions

The end game is the Cloud, and Microsoft sees an opportunity in growing its Cybersecurity business. They create the code, they host their Cloud, and then they can secure it. It doesn’t seem to be a healthy interaction and could squeeze out other vendors from the marketplace. Microsoft (and Amazon) are now in the place that IBM was in the 1960s, and it was the PC that broke the monopoly.

With the Cloud, there’s not much that could disrupt it, and so there’s nothing to smash through. Basically, it’s a lock-in like no other. So, are we heading for a whole world of technology that is just based around two powerful companies?