Being the Chief Security Officer of a Fortune 500 corporation presents enough hurdles when that company does business in a defined niche. With the nearly complete acquisition of Nokia, Microsoft has sped up its transformation into a "devices and services” company.
For Microsoft CSO Mike Howard, the buyout of Nokia is presenting challenges his staff and organization haven’t previously faced, however, it’s not like Howard isn’t up to the task. During his tenure as Microsoft CSO, he has guided the company’s corporate security strategies to new heights. From an operations perspective, he led the development of Microsoft’s three interconnected Global Security Operations Centers (GSOCs), which perform global security monitoring and response. The GSOCs based in the Redmond, Wash., corporate campus in the United Kingdom and in India have become showcases for how risk-critical intelligence centers should operate.
Howard is also a leading security industry evangelist for the alignment of security operations with the risk model of the companies they serve, in addition to espousing the importance of the partnership between information technology and physical security.
But Howard admits his biggest challenges are ahead as Microsoft morphs its business model from an exclusive software provider to a global manufacturing entity. “Day to day, we deal with the regular things most CSOs deal with -- terrorism, natural disasters, kidnapping, plus everything that is done in the natural physical security world’s bread and butter. A big chunk on what I do is making sure our higher ups are constantly updated on what we are doing and keeping them informed” says Howard, who acknowledges that now that Microsoft has entered the devices and services space, life will change. “We will be expanding into the hardware space after the pending acquisition of Nokia, so we know we are going to add global facilities and personnel as part of that expansion. When you look at the normal course of business and the fact that it is expanding, how do you keep up with the scale of that growth and make sure that you have the right people in place globally and do they have the right skill sets?”
The Nokia acquisition would thrust more than 32,000 new employees into the global Microsoft family. Howard was quick to assess that his department’s entire security and risk paradigm is changing. “If you just look in the area of supply chain, this is a completely new sector for us,” he says. “We’ve always protected facilities, people, and to some extent, assets. Now you are talking about a situation where you have manufacturing facilities that are vulnerable to attack. We now have to integrate our current technology with our GSOCs and add these new assets into our portfolio.
“But the other issue is we now have to potentially deal with things we have never had to before like armed gangs stealing supplies,” Howard confides. “We’ve talked with our counterparts from other companies that have a lot of experience in devices and services and in the supply chain environment, and they have shared with us incidents with organized armed gangs around the world that actually highjack shipments. That’s an area we haven’t dealt with before, so getting smart in dealing with that and just the everyday manufacturing process is something we are currently involved with from a security perspective.”
Howard’s background -- which includes more than two decades with the Central Intelligence Agency, where he served in the agency’s Office of Security and eventually worked in the Counterterrorism Center handling myriad global programs -- has certainly prepared him for Microsoft’s global expansion. But he is adamant that lessons he learned in the business sector have molded his approach to security and creating successful internal partnerships.