MSFT: Building The Cloud, Securing The Future - How Microsoft Leveraged Azure To Lead In Cybersecurity (Pt.1)

Summary

• In this two-part report, we gain a deep understanding of Microsoft's cloud business, which will then serve us in analyzing its cybersecurity business and its impact on the industry.
• Part 1 dives into the competitive dynamics and Satya Nadella's leadership that led to Azure's success, which is critical because without Azure, Microsoft would have a much smaller security business.
• Part 2 will discuss how Microsoft leveraged Azure to grow the largest cybersecurity business globally, and we will provide analysis on how Microsoft may impact the broader industry going. We will also review Google's prospects in cybersecurity.

Intro

Given that we are equity research analysts with a specialism in cybersecurity, some may argue a dedicated piece on Microsoft (MSFT) is long overdue. That is because they have the largest cybersecurity business globally, currently generating over $20bn in revenue, competing in almost every area of the market.

Our coverage on MSFT to date, has been in the context of them being a competitor to the subject company we have analyzed. For instance, we shared notable insights on MSFT during our Okta research series, and MSFT featured heavily in last year's Investment Guide to DevOps where we provided a comprehensive competitor assessment to enrich our GitLab thesis. Though, until now, we haven't focused on MSFT's security business as the main character, mostly because, while $20bn is a huge business, it still only represents 10% of MSFT's overall revenue, meaning there are zero direct investment opportunities in which to capitalize on any analysis.

However, as this $20bn+ business continues to outgrow the overall market (apparently growing at 33% when MSFT unveiled the size of their security business in 2023), it is going to have an increasing impact on the global ~$200bn cybersecurity industry. Hence, investors can use this comprehensive analysis on MSFT to help evaluate investment opportunities elsewhere in cybersecurity. By knowing where MSFT is not just cost-competitive but also very strong technologically, and by understanding their likely roadmap, investors can assess the competitive threat of MSFT to their cybersecurity investment interests with more clarity.

From On-Prem to Cloud: How did MSFT Execute this so Successfully?

Before we dive into MSFT's security division, it's useful to take a step back and fully understand the broader business. Particularly, it is valuable to know how MSFT remained relevant during the cloud transitions starting in the early 2010s, because without Azure, MSFT's cybersecurity business would be a fraction of what it is today. Therefore, a deeper understanding of Azure should help us better envision MSFT's security roadmap and how they may evolve as a giant in a highly fragmented cybersecurity industry.

MSFT’s initial foray into the cloud began in 2008, with an internal project codenamed Project Red Dog, which was later branded as Windows Azure when the cloud offering became commercially available in 2010. Project Red Dog was built on principles from Windows NT and Windows Server (two operating systems that were integral to MSFT penetrating the enterprise market in the 1990s), as it aimed to create a cloud platform that would leverage Microsoft's existing expertise in operating systems and server infrastructure. Windows NT provided a robust, secure kernel architecture, while Windows Server offered enterprise features for managing applications and resources. Project Red Dog extended these principles to deliver cloud computing capabilities, focusing on scalability, virtualization, and distributed computing for a cloud environment.

Initially, Windows Azure was only for PaaS, enabling developers to build, host, and manage applications without handling the underlying infrastructure directly. However, not having access to the IaaS meant developers had limited control over compute scaling compared to AWS. In 2012, Windows Azure expanded to offer IaaS, allowing greater flexibility and direct management of VMs, bringing MSFT's cloud in line with the broader market needs and competing more like-for-like with AWS.

Though, it wasn't until 2014, when Satya Nadella became the CEO and rebranded the cloud to Azure, that the cloud business became the company's focus. Nadella came in with his 'cloud-first, mobile-first' strategy and ethos, accelerating Azure's growth by implementing key strategic changes. He expanded open-source support (for instance, enabling OSS such as MySQL, PHP, and various Apache projects to be used in Azure), enabling Azure to host a wider variety of applications and languages, which attracted more developers and enterprises.