This amount does not include acquisitions Microsoft may make in the sector, Bharat Shah, the company’s vice president of security, told Reuters on the sidelines of the firm’s BlueHat cyber security conference in Tel Aviv.
“As more and more people use the cloud, that spending has to go up,” he said.
While the number of attempted cyber attacks was 20,000 a week two or three years ago, that figure had now risen to 600,000 to 700,000, according to Microsoft data.
In October Microsoft said quarterly sales from its flagship cloud product Azure — which businesses can use to host their websites, apps or data — rose 116%.
In addition to its internal security investments, Microsoft has bought three security firms, all in Israel, in a little over two years. Microsoft’s venture arm has also made three cyber security investments in Israel, including this week an undisclosed amount in Illusive Networks, which uses deception technology to detect attacks and has been installed at banks and retailers.
Though Microsoft does not have any near-term plans to implement deception technology, “we look at lots of different technologies that might be of use in the future,” Mr Shah said.
He believes that in the next year or so, progress should be made in moving toward broader implementation of user authentication without need for a password.
Microsoft’s Windows 10 operating system includes Windows Hello, which allows users to scan their face, iris or fingerprints to verify identity.