Welcome to Runtime! Today: Why Microsoft is doubling down on its security efforts, Snowflake ramps up its generative AI approach, and the latest moves in enterprise tech.
(Was this email forwarded to you? Sign up here to get Runtime each week.)
Trustworthy Computing 2.0
After a rough couple of years for Microsoft's security reputation, the company acknowledged Thursday that it needs to make changes and accelerate efforts to do better. The Secure Future Initiative is more-or-less an updated version of founder Bill Gates' "Trustworthy Computing" memo, a public pledge to improve its security practices that doubled as a wake-up call for employees.
"In recent months, we’ve concluded within Microsoft that the increasing speed, scale, and sophistication of cyberattacks call for a new response," wrote Brad Smith, the company's vice chair and president, in a blog post introducing the new push. The initiative comes almost four months after sophisticated hackers were able to read the emails of several Biden administration staffers thanks to a flawed authentication key policy and a bug in Microsoft Entra, which was only the latest in a series of cloud security problems that have plagued the company in recent years.
Smith described the initiative in three broad categories.
- Microsoft will use AI more extensively across its security organization, such as infusing its threat-intelligence group with a little more intelligence and rolling out new AI features in customer products like Microsoft Defender.
- It urged governments around the world to stop planting malware in critical infrastructure systems, which the Chinese, Russians, and Americans have all done over the last decade or so, and to consider cloud computing infrastructure part of that critical infrastructure.
- And Microsoft pledged to harden the internal security practices it uses to write software.
From now on, "we are all security engineers," wrote Charlie Bell, executive vice president for Microsoft Security, in a memo sent to all Microsoft employees Thursday outlining the changes taking place within its huge software development organization.
- Microsoft developers will now "apply the concept of continuous integration and continuous delivery (CI/CD) to continuously integrate protections against emerging patterns as we code, test, deploy, and operate," Bell wrote, adding that it would also continue to expand its use of memory-safe programming languages like Rust.
- It will improve the default security settings that come with customer software and move toward "100 percent auto-remediation without impacting service availability," which will help customers respond to security events automatically.
- Authentication keys will be stored in a new, more secure Azure tenant, which might have prevented the security breach earlier this year inside the government, and "key rotation will also be automated allowing high-frequency key replacement with no potential for human access, whatsoever."
- The company is also promising to fix cloud vulnerabilities twice as fast as it currently does and to discourage the use of NDAs for security researchers who discover flaws.
"Today’s cyber threats emanate from well-funded operations and skilled hackers who employ the most advanced tools and techniques," Smith wrote in his post. Microsoft is easily one of the biggest targets on the planet for those operations given its size, history, and reach across the world of enterprise software.
- But it has seemed pretty clear in recent years that Microsoft's security record hasn't measured up to fellow tech giants like AWS, Google, and Apple.
- The original Trustworthy Computing Initiative was generally considered a success, as Microsoft's products became more secure and its work developing security best practices spread across the tech industry.
- As Microsoft enjoys the fruits of the generative AI boom it kicked off earlier this year, it needs to make sure this new initiative will have the same impact as customers start putting more data on Microsoft's servers.
Just in time for winter
Snowflake Computing focused mostly on business users of its cloud data warehouse during its meteoric rise, but has started to look more and more like its data-scientist oriented rival Databricks this year as the AI boom rolls on. In truth, both companies are converging on the same territory as businesses attempt to articulate an AI strategy around their corporate data, and a new product unveiled by Snowflake this week has something for everybody.
Snowflake Cortex is a new managed cloud service designed to help software developers write AI applications using corporate data stored in Snowflake, and to also help business users interact with their data using Snowflake's own large-language models. “We want to make these advanced features, which are more and more a requirement for the modern enterprise, and integrate them deeply within Snowflake, so that our power users, the analysts that spend pretty much all of their time in Snowflake, become a lot more productive,” Snowflake's Sridhar Ramaswamy told Techcrunch.
According to Supervised's Matthew Lynley, Cortex also features a search engine that's designed to do retrieval augmented generation, a technology that builds on vector databases and is drawing a ton of interest for its ability to reduce the hallucination problem in LLMs. Sort of like Nvidia, both Snowflake and Databricks should continue to benefit from the AI boom as enterprise software spending in general remains muted.
Peter Guagenti is the new president and chief marketing officer at Tabnine, joining the GitHub Copilot competitor from Cockroach Labs.
Matt Renner is the new president of North America and global startups for Google Cloud, eight months after he joined the company from Microsoft.
Carly Brantz and Marcus Holm joined LaunchDarkly as the new chief marketing officer and chief revenue officer, respectively.
The Runtime roundup
Microsoft began selling the $30 a month Microsoft 365 Copilot AI service this week, in what could be its most successful AI launch to date or a test of how many people are willing to double their Microsoft 365 bill to get auto-generated meeting summaries.
Several Cloudflare services were down for hours Thursday after it lost power at a data center, causing a cascading series of failures.
PagerDuty bought Jeli.io, a startup that helps companies understand how to recover from infrastructure failures.
Atlassian beat Wall Street estimates for both revenue and profit during its last quarter and maintained its upcoming guidance, but the day traders were still not impressed.
HubSpot acquired Clearbit, which tracks down customer data so salespeople can bug you at work, for an undisclosed amount.
Boeing disclosed that it's dealing with a ransomware attack involving stolen data, but it wasn't clear if it had paid the ransom.
Thanks for reading — see you Saturday!