Microsoft chief executive Satya Nadella has made a bold move to strengthen the company internal grounds by transforming top management to focus on two major priorities security and quality of engineering. Nadella explained in a lengthy internal memo sent to employees why Microsoft is becoming increasingly focused on the way products are built, tested, and protected as the technologies of the company continue to lie deep in the center of the digital infrastructure around the world. The relocation is indicative of a larger understanding that scale, though strong, also creates risk when quality and security are not handled in a disciplined and clearly owned manner.
The core of the message is the establishment of a new, specialized position that is solely concerned with the engineering of quality in the broad product line Microsoft deals with. Nadella explained that this stance is vital to the idea that quality is not a back seat or a control point at the end of the development process but a value that is entrenched in all the steps of engineering. In addition to this, Microsoft has also reorganized its security leadership whereby it has revived a former senior executive to lead the company security organization. All these changes are indicative of a new focus on responsibility and implementation, as opposed to gradual process enhancements.
The increase in Microsoft has been unending in the last ten years. Since cloud computing with Azure then to enterprise software, developer tools, and currently artificial intelligence platforms which are used by governments, corporations, and individual users the scale of the products offered by the company is one that few organizations could match. Along with such scale comes increased scrutiny. A small failure in consistency or security may have far reaching effects across sectors and frontiers. The memo by Nadella has recognized that Microsoft has achieved significant progress in enhancing its engineering and security practices, but this will not be enough anymore. What is now needed is a better focus and responsibility.
One aspect that is specially striking is the creation of the role of an engineering quality czar since it places quality as a strategic role as opposed to a decentralized one. The quality in big technology companies tends to be the responsibility of everybody and, ironically, nobody at the same time. Nadella is trying to solve a long-standing issue of software engineering: ensuring consistency and rigor as the products become increasingly complex, and development time decreases, by putting one of the senior executives as the owner of this capability across teams. This position will span across the divisions and find systemic problems, strengthen the best practices, and be able to remember the lessons of past failures.
Meanwhile, security is also an existential issue to Microsoft and its customers. Microsoft being a cloud service and enterprise system provider, is a common victim to advanced cyberattacks. The fact that Nadella chose to hire a longtime executive to head security is indicative of the fact that the company wanted to have a seasoned executive who has experience of the internal culture of the firm, as well as the emerging threat environment. Instead of security being a responsive operation, the company seems to be determined to establish it more within product design and engineering processes.
The tone of realism is one thing that comes out in the message by Nadella. It is not stated that Microsoft already overcame the challenges, or tries to diminish the problems of the past. Rather, the memo positions these changes of leadership as long-term efforts that are in progress. It is focused on doing things at a global level, where even properly constructed systems may collapse whenever processes are not consistent, or accountability is spread out. With the closer integration of these positions to the office of the CEO, Nadella is indicating that quality and security do not exist on the periphery of Microsoft but are at the core of its identity and its future competitiveness.
This strategy is closely related to the philosophy of leadership of Nadella as he was appointed as the CEO. He has continuously encouraged cultural changes to focus more on the learning, humility and customer confidence rather than on instant victory. Stakes have since increased further in recent years as artificial intelligence has established itself as a fundamental part of the Microsoft strategy. Engineering choices are magnified by AI systems, so more than ever, robustness, fairness, and security are significant. It is no longer only about reducing the number of bugs but also ensuring high quality of engineering that guarantees trust in the technologies that have more and more significant impact on the real world results.
The memo acts as a comfort and a challenge to the employees. On the one hand it is a recognition that engineering and security teams have already done a lot of work. On the other side it is evident that expectations are increasing. Having specific leadership that is quality-oriented will ensure that loopholes will be more apparent and standards will be more regularly implemented. This may be painful in the short run but it also gives clarity. Teams understand what is important, how the success is going to be evaluated, and where the concerns are going to be raised.
Industrially, the action of Microsoft is a wider trend within big technology firms. It is becoming less tolerant to failure as digital products are becoming part of infrastructure, instead of non-compulsory tools. Customers are demanding virtually flawless uptime, high data security, and reliability. There is also an increasing regulatory pressure, as the governments are more concerned with how technology companies handle risk. By making its dedication to engineering quality and security a formal obligation, Microsoft is putting itself in a position where it is going to satisfy these expectations in advance and not in defense.
Of course there are open questions. The establishment of new leadership positions does not necessarily result into improved performance. A lot is going to be in the way these leaders are empowered, the overlap of their mandate with the existing teams, and whether the organization is gaining in favour of change or it is opposed to change. The problem of balancing speed of innovation and rigor in technology is a long-standing issue, and there are dangers of over-emphasizing in either way.
