Security News

Microsoft Wants More Security Researchers to Hack Into its Cloud

Microsoft Corp. has what may sound like a counter-intuitive request: Please try to hack into Azure more often.

Many so-called White Hat hackers do this for the company’s older products like Windows, Office and browsers, but there aren’t enough working on Azure, said Kymberlee Price, who oversees community programs in Microsoft’s Security Response Center. The company is planning several steps to change that, including explicitly stating it won’t take legal action against researchers and creating a game-like reward system that gives successful bug-finders perks and bragging rights.

Microsoft currently offers bug bounty payments for Azure, but “it’s just not getting as much activity as I would like to see,” Price added.It’s a problem Microsoft needs to worry about because it bets huge on cloud providers for income progress. The shift to cloud computing is changing cybersecurity, providing new opportunities and new challenges. One of many largest risks is that Microsoft now runs providers for patrons in its cloud, which suggests the software program big is on the hook to protect them.

Microsoft is planning to release what’s called a Safe Harbor statement giving researchers legal clearance to report a vulnerability. “We’ve always done that but we’ve never formally articulated it,” Price said. It’s important to publish a formal policy as researchers work more on cloud systems where they may worry they’ll accidentally knock a service offline or access customer data and get in trouble, she said.

Right now attackers still target networks located at a company’s own offices more frequently than the cloud, but that’s changing, said Azure Chief Technology Officer Mark Russinovich. “The level of sophistication of the attackers and the interest in (attacking) the cloud just continues to grow as the cloud continues to grow,” he added.

Cloud safety requires new instruments and methods however it also allows corporations like Microsoft to trace and analyze vast quantities of knowledge to seek out malicious actors and scan networks of tons of of hundreds of consumers so it might see assaults materialize.

(Image Courtesy:

Leave a Comment

Your email address will not be published.

You may also like