The Washington PostDemocracy Dies in Darkness

Microsoft gets serious about security as Apple eyes the enterprise market

Microsoft's chief executive, Satya Nadella, speaks during a presentation in Berlin last week. (Gregor Fischer/Deutsche Presse-Agentur via AP)

In the mid-2000s, Microsoft’s security reputation was so bad that Apple made fun of it in TV commercials.

“You okay?” a casually dressed Justin Long, representing a Mac, asked a sneezing, suited PC stand-in John Hodgman in one spot.

“No, I'm not okay. I have that virus that’s going around,” Hodgman responded. In another, Hodgman’s character hides inside a biohazard suit.

But in recent years, Microsoft has worked to clean up its act. And now it’s the latest big technology company to make security a part of its advertising pitch — just as Apple is eyeing the enterprise market that Microsoft has dominated for so long.

Speaking at a Microsoft Government Cloud Forum in Washington on Tuesday, Microsoft chief executive Satya Nadella called cybersecurity one of the most “pressing issues of our time” and laid out a set of privacy and security commitments from the company.

“Trust is at the core” of Microsoft’s mission, he said. “When it comes to privacy, we will ensure your data is private and under your control. When it comes to compliance, we will manage your data in accordance with the law of the land. We will also be transparent about both the collection of data and usage of data. And, lastly, we will ensure that all of your data is secure.”

Experts generally say that Microsoft has taken security more seriously in recent years and is willing to partner with independent researchers who uncover flaws in its products. In fact, the company now runs one of the more sophisticated bug bounty programs in the industry, a system that pays rewards to third-party researchers who discover problems and work with the company to fix them.

“Fifteen years ago, friends were receiving cease-and-desist letters from Microsoft [trying to silence independent security research]. Now they’re giving out six-figure bounties for helping fix major security flaws,” said Josh Corman, the chief technology officer at software company Sonatype and one of the founders of I am the Cavalry, a group focused on improving tech security.

Microsoft’s journey shows that companies can go from being highly combative with the larger security research community to highly collaborative, a shift that is good for both users and stockholders, Corman said.

Waves of data breaches have shaken almost every sector of the economy in recent years, rattling consumers. And especially in the aftermath of former National Security Agency contractor Edward Snowden’s revelations about the extent of the government’s digital surveillance capabilities, companies such as Facebook and Google have touted upgrades to their security infrastructure.

Earlier this month, Nadella announced that Microsoft would start using German data centers next year, allowing German customers’ data to stay inside that country and making it potentially harder for U.S. intelligence agencies to access it.

But perhaps no company has gone as far to assure users about its commitment to privacy and security as Apple. Last year, the company automatically rolled out strong forms of encryption for iOS users that Apple itself is unable to unlock — a feature that has put it at odds with some senior law enforcement and intelligence officials.

Earlier this year, Apple updated the privacy language on its Web site. The company made the case for the importance of encryption, the security tool that scrambles data to protect it from prying eyes, and spelled out what the company does to protect users’ privacy and security.

As Apple has positioned itself as a privacy leader under chief executive Tim Cook, it has also set itself up to compete in the lucrative enterprise market — a space long dominated by Microsoft’s Windows ecosystem. Earlier this month, the company launched the iPad Pro, a supersize version of its tablet that is being explicitly marketed to professionals and businesses. And last year, the company announced a partnership with IBM to “transform enterprise mobility through a new class of business apps.”

Microsoft’s most recent enterprise products, such as its Office Suite, rely heavily on a software model tied to cloud storage. But to compete in the increasingly crowded cloud computing market, the company will need customers to trust that it can fend off what Nadella called a “constant” barrage of cyberthreats.

Essentially, Microsoft’s plan is to use security as a marketing strategy. “It’s clear that you have to be seen as an honest broker to compete,” Corman said. “And talking about privacy and security is becoming a requirement for gaining public trust.”