(Bloomberg) -- Last year, Microsoft Corp. hired a top Amazon.com Inc. cloud-computing executive Charlie Bell to oversee a sprawling cybersecurity empire. His mission was to chart a future course for the security business, which now generates more than $15 billion annually.
Bell reorganized, combining groups scattered across businesses like Azure cloud, Windows and Office and hired some new executives, but the company has also eliminated some open roles as it slows hiring in a weakening economy. He put Microsoft’s world-renowned lab for tracking nation-state and cybercrime gangs together with the company’s cybersecurity research units, under the leadership of John Lambert, a veteran at tracking hackers at Microsoft.
It’s an ongoing, high-profile effort as Microsoft seeks to position itself as a security leader amid rampant nation-state hacking, and the war in Ukraine.
Bloomberg spoke with Bell about his plans for the future and why he thinks artificial intelligence will be key to stopping hackers.
You’ve merged parts of Microsoft’s sprawling security business, why?
You’ve got to flip this asymmetry around. If the attackers could come from any angle, the one advantage that we have is we could see all of it. The way I describe it is we get to set the playing field. Imagine that you’re playing soccer, and the other team’s scoring quite a bit, what do I do to this playing field that makes it harder for anyone to score? Shrink the goal down to just about the size of the soccer ball, stretch the field out to be 20 miles long, and just make it harder. There’s a whole bunch of work you can do to just make the landscape just much, much harder.
The thing that’s so fascinating about this space is the humans are innovating to break everything you build. Every other problem you go solve, well, you solve the problem and move on to the better problem, keep making humanity go forward. But every time we take a step forward in security, there’s somebody out there scratching their head saying, well, what do I do to get around that, how do I break that?
How do you fight back?
Well, you innovate your machine learning algorithms to go look for those patterns and to try to save things that have been broken into and stop it where it happens. There’s this constant game going on of innovation. What’s exciting to me is I feel like we’re just finally at the turning point. We can gather all the data. We can have one brain. That’s why I put all the research together in one place. You have to have an end-to-end capability. It’ll be an ecosystem. It won’t just be Microsoft. That’s another thing I liked about Microsoft when I looked at it. Microsoft knows how to work with partners.
What’s the role of AI in the future of cybersecurity?
The opportunity in AI is tremendous. The way I’ve been talking to the team is, you’ve got to run a marathon, but it’s got to be run at sprint speed. In other words, you’ve got to build the innovation environment, so that it’s not just some great stuff that you can put out there—features you get out there tomorrow—it’s going to have to be machinery that can keep going and keep going fast. It’s basically having the machinery to just continuously go fast, and especially in machine learning. All the model training and all of the data stuff and everything else is just a super-high priority. Microsoft has a tremendous amount of technology in the AI space. That was another thing I looked at. I said, whoever is going to solve this is really going to have deep capability in AI.
Where does Microsoft need to invest now to be great in security in 10 years?
A big one is just being great at operations, because one of the things I think people overlook is that the ability to iterate and act on what you’re seeing in a changing world, the speed at which you can do that, the shortening of the cycle times. There are some really cool things in AI coming down. When you look at what’s going on in the large model space, the ability to take in a lot of data all at once, and then without a lot of effort, without a lot of long cycles of training, be able to change and react to what’s going on, I think that’ll be an important part of the story.
There aren’t enough people in the world to solve the security problem. That’s a big problem. You talk to customers, one of their big challenges is just hiring. Everybody’s hiring out of the same pool. We do need to do a lot of skilling. We need to teach a lot more of our population how to defend, but it’s not a problem we’re going to solve with people. The leverage in AI there is really the way out.
What are other priorities for you?
Being multicloud is a really important—that was one of the other things that got me here. I thought, well, all this cloud competition, Satya [Nadella] is going to be all about Azure. I talked to him about this—it’s a multicloud problem. Like nobody’s going to look at their security problem and say, “Okay, well, I’ll have all this stuff that secures my AWS stuff, and all the stuff that secures my on-prem stuff, and this one secures GCP, this one secures Azure.” They need a security solution, because the attackers, they find the seams in all of this. And so getting end-to-end on clouds, the multicloud story, continuing to stretch over all the cloud providers is a super-high priority right now.
If you have an operating system, you know a lot about what can be done to protect. But there are other operating systems. We’ve got to be great on Mac OS. We’ve got to be great on the mobile OSes, iOS and Android.
Microsoft eliminated some of the open positions in your security unit as the company slows hiring, will that constrain your ambitions?
We didn’t cut any heads. We basically just said, “Hey, we’re not going to hire the way we’ve been hiring.”
I think I’m kind of welcoming it. You look at some of the ultra-funded companies with tens of billions of dollars of market cap, and they go on hiring tear and just hire a whole bunch of people. I’ve got some experience that it doesn’t take very many people to get an awful lot done. And so, I’m not feeling any pinch on that front. I think we’re in a good spot.
You have to remember; we hired a ton of people. There’s a moment when these people become more productive and able to deliver faster, and sometimes it’s really good to take a little breather.
When we talk to customers, we hear some annoyance that Microsoft develops software with security flaws and then charges clients for other programs to fix that?
There are going to be vulnerabilities. That’s just the way it works. You’ve got a whole bunch of people taking everything that you do, and trying to figure out, well, how can I turn that into a weapon? And if you talk to security professionals, they generally totally understand that everything you’re going to produce, there will be breaches, there will be problems.
Picture the Romans with their arenas and the gladiator down there fighting the lion. There are plenty of people in the stands that can say, “Boo, boo.” Well, here, here’s a sword and a shield; you go down there and you go fight the lion.
This conversation has been edited and condensed for clarity
©2022 Bloomberg L.P.