Microsoft asks white hat hackers to 'invade' its cloud system
To ensure the safety of its cloud computing system, Microsoft is seeking to attract the attention of white hat hackers and security experts, who often help technology companies discover security holes.
The tech giant currently wants security experts to hack more often into Azure. Microsoft is even ready to pay generously if researchers find any flaw. The software company also offers to waive legal liability in case white hat hackers cause any damage to customers using Azure.
Microsoft does not encourage malicious attacks, but it want researchers to spend more time finding security holes of Azure cloud service. This method will help Microsoft save a lot of time and effort in finding and fixing holes.
Currently, many white hat hackers are involved in finding bugs for Microsoft's old products such as Windows, Offices and web browsers. However, according to Kymberlee Price, who oversees community programs at Microsoft Security Response Center, there are not many security researchers participating in finding bugs in Azure.
According to Price, Microsoft is offering lots of great bonuses and other perks but has yet to attract the number of researchers it wants. "It’s just not getting as much activity as I would like to see," she said.
This is a troublesome issue as the cloud computing array is becoming increasingly important, bringing a majority of revenue to Microsoft. The transition to cloud computing is changing the situation of network security, bringing new opportunities and new challenges. One of the biggest risks is that Microsoft is running a cloud computing service for customers who rent it, which means the software giant is supposed to protect them.
Microsoft is planning to launch a statement called Safe Harbor, which will help developers comfortably rummage and report vulnerabilities without worrying about legal trouble. "We've always done that but we've never formally articulated it," said Price said. "It's important to publish a formal policy as researchers work more on cloud systems where they may worry they'll accidentally knock a service offline or access customer data and get in trouble."
When she first worked at Microsoft in the 2000s, Price was one of the pioneering security engineers to collaborate with security researchers and white hat hackers instead of treating them as rivals. She left in 2009 and returned to Microsoft about 2 years ago.
According to Mark Russinovich, CTO of Microsoft Azure, hackers are still targeting business networks more often than cloud computing, but things are changing. The sophistication of hackers and the interest in cloud computing will be directly proportional to the speed of cloud computing's development, Russinovich added.
Meanwhile, according to Steve Dispensa, Windows Azure Multi-Factor Authentication manager and PhoneFactor CTO, sharing data between big security partners will also help prevent hackers from becoming more efficient. Microsoft wants to share confidential information with people, as long as it does not affect customers' private data.
"The idea that we’re smarter than the attackers is a malignant myth" said Dispensa. "They know before we do where the weak spot is. We publish data, we all learn, a rising tide lifts all boats."
By: Lily Haney