When Microsoft last year recruited Charlie Bell, a top product engineering executive at Amazon Web Services, it was a major coup for the software giant. Bell had spent 23 years at Amazon—15 of them at AWS, the retailer’s cloud computing unit—where he earned a reputation for being able to bulldoze through departmental politics, technical glitches and other obstacles to get projects finished.
But in his first year at Microsoft—where Bell is the company’s most senior cybersecurity executive, overseeing a new 10,000-employee organization—some obstacles have proved harder to budge. At times, Bell has encountered resistance to some of his efforts to change Microsoft’s approach to cybersecurity, including getting his teams to be more vigilant about preventing and responding to software vulnerabilities, according to more than half a dozen current and former Microsoft employees.
Over the past year or so, Microsoft has suffered numerous black eyes over the security of Azure, its cloud computing service, at a moment when it’s trying to convince more companies to jump to the cloud. And yet, in meetings with Microsoft cybersecurity teams, managers who were part of Microsoft’s old guard have pushed back on Bell’s suggestions for improving their responsiveness to security vulnerabilities, believing he was setting too high a bar for stopping attacks on its products, according to a current Microsoft manager.