For the past few years Microsoft Corp. has sold Canadian enterprise customers on its ability to keep their cloud-based data in Canada.
Now it’s trying to sell them on its ability to keep their cloud data safe.
With Microsoft operating two new data centres on Canadian soil, data security is supplanting data sovereignty as the focal point of its ongoing push into the cloud market here.
At the Microsoft Canada Tech Summit event in Toronto on Thursday, the company repeatedly emphasized its focus on security during a series of presentations highlighting cloud offerings such as Azure, Outlook and Office 365.
“Security is not a bolt-on. We don’t necessarily sell security as a separate product. It’s built into Windows, it’s built into Office 365, it’s built into Azure and all our products,” Takeshi Numoto, Microsoft’s global corporate vice-president of cloud and enterprise, told reporters at a media roundtable after the event.
Microsoft opened its first Canadian data centres in Toronto and Quebec City earlier this year. The move was welcomed by Canadian enterprises in sectors like finance, government, and healthcare, which must keep customer data within Canada to comply with security and privacy regulations.
Oracle launched its own Canadian data centre last fall and Amazon Web Services plans to open one in Montreal early next year. As Canadian data centres become less of a differentiator among providers, Microsoft is putting security at the forefront of its cloud marketing efforts in Canada.
That was apparent onstage as presenters demonstrated various security features within Microsoft’s cloud stable. One of the newest is the ability to monitor, diagnose and deal with security alerts right from the Azure analytics dashboard.
Users get an at-a-glance view of potential security threats ranked from high to low priority and can deploy measures like web app firewalls by simply clicking on one dashboard icon. Azure’s security analytics dashboard feature has been available for about six months.
Integration, automation, and detection play big parts in Microsoft’s approach to securing the cloud, said John Hewie, national security officer at Microsoft Canada. For example, he said Bing’s search engine browser is “indexing the Internet and also looking for bad things while it’s doing that.”
Numoto added that Microsoft’s cloud services and products are integrated with each other for security as well as interoperability.
“If there is a threat detected by the Windows browser, that information can be shared with Office 365,” Numoto said. Moreover, he said Microsoft can “leverage trillions of data points across our products” to increase threat intelligence within all of the company’s cloud offerings.
Security the top concern
Microsoft Canada also released a new security survey at Thursday’s event. It asked 711 senior level executives from Canada’s private and public sectors about their attitudes toward the cloud. Although data residency was cited as a concern among 85 per cent of respondents, data security trumped that, with 90 per cent naming cyber security as their top concern when considering cloud providers.
Microsoft Canada customer Doug Schneider vouched for that. Schneider – senior vice-president and global CTO at Manulife Financial and a presenter at the event – said security “is of paramount concern to everybody in my business.”
Schneider said Manulife has already moved about 35 per cent of its cloud functions to Azure and aims to move 95 per cent there by 2018. For large enterprises trying to stay on top of a rapidly evolving threat landscape, it’s easier and cheaper to tap into a vendor’s security-centric cloud offerings than develop them in-house, he said.
“The security Microsoft can provide in the cloud is far superior to what we can build on our own,” Schneider told the audience at the event.
“Even if I could (build cloud-based security in-house), it may take me five years to get to that level of sophistication,” he told reporters later. “I don’t have the people, the money, the time or the resources.”
That mirrors a scenario painted by Morgan Stanley analysts Keith Weiss and Melissa Gorham in a June research note.
“By enhancing their security, cloud providers are attempting to remove a major point of friction in the enterprise sales process,” Weiss wrote. “For many companies, and most small businesses, the public cloud may provide a higher level of security than they could otherwise afford through a third-party vendor.”
This trend will boost business for cloud service providers (like Microsoft) as well as vendors of specific cloud-based security products, Gorham predicted in the note.
“We see two sets of winners in this area – those well positioned to provide cloud-based security and those well positioned for security for the cloud,” she wrote.
Productivity plus security
Numoto said Microsoft’s ability to simultaneously deliver enterprise productivity and enterprise security differentiates it from other cloud providers in the market.
“Security-only vendors don’t have a workload. We actually deliver your email and protect your email,” he said.
Some industry players are already jockeying to target the shift to cloud-based security and security-for-the-cloud. In August, traditional security vendor Symantec Corp. paid US$4.6 billion to acquire Blue Coat, which specializes in deploying cloud-based security and securing cloud-based apps.