Express Computer
Home  »  Cloud  »  Microsoft wants more security researchers to hack into its cloud

Microsoft wants more security researchers to hack into its cloud

0 118

Microsoft Corp has what may sound like a counter-intuitive request: Please try to hack into Azure more often. The company isn’t encouraging malicious attacks but it does want security researchers to spend more time poking holes in its flagship cloud service so the company can learn about flaws and fix them.

Many so-called White Hat hackers do this for the company’s older products like Windows, Office and browsers, but there aren’t enough working on Azure, said Kymberlee Price, who oversees community programs in Microsoft’s Security Response Center. The company is planning several steps to change that, including explicitly stating it won’t take legal action against researchers and creating a game-like reward system that gives successful bug-finders perks and bragging rights.

Microsoft currently offers bug bounty payments for Azure, but “it’s just not getting as much activity as I would like to see,” Price added.

It’s an issue Microsoft needs to worry about as it bets big on cloud services for revenue growth. The shift to cloud computing is changing cybersecurity, providing new opportunities and new challenges. One of the biggest risks is that Microsoft now runs services for customers in its cloud, which means the software giant is on the hook to protect them.

Microsoft is planning to release what’s called a Safe Harbor statement giving researchers legal clearance to report a vulnerability. “We’ve always done that but we’ve never formally articulated it,” Price said. It’s important to publish a formal policy as researchers work more on cloud systems where they may worry they’ll accidentally knock a service offline or access customer data and get in trouble, she said.

In her first stint at Microsoft in the 2000s, Price was one of the security engineers pioneering the company’s effort to collaborate with security researchers, rather than viewing them as adversaries. She left in 2009 and returned a little more than two years ago.

Right now attackers still target networks located at a company’s own offices more frequently than the cloud, but that’s changing, said Azure Chief Technology Officer Mark Russinovich. “The level of sophistication of the attackers and the interest in (attacking) the cloud just continues to grow as the cloud continues to grow,” he added.

Cloud security requires new tools and techniques but it also enables companies like Microsoft to track and analyze vast amounts of data to find malicious actors and scan networks of hundreds of thousands of customers so it can see attacks materialize.

Russinovich spoke about protecting the cloud at an academic conference at Microsoft attended by hundreds of Microsoft workers and security engineers from Amazon Web Services, Google, Nike Inc and others. The event grew out of a trail-running group that includes Microsoft’s Ram Shankar Siva Kumar, who oversees a team of engineers who apply machine-learning to cybersecurity, and peers at AWS and Google. The group would often share techniques and research while on the trail and the idea for a formal conference to exchange ideas was born.

The hope is that sharing data, tools and techniques publicly will help everyone better fend off attackers. As long as private customer information is protected, Microsoft wants to share security data, said Steve Dispensa, general manager, cloud and AI security at Microsoft.

“The idea that we’re smarter than the attackers is a malignant myth – they know before we do where the weak spot is,” he said. “We publish data, we all learn, a rising tide lifts all boats.”

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image