It might sound like the stupidest thing a tech company could ever do, but it’s true: Microsoft is asking hackers to infiltrate its cloud platform, Azure.
Of course, there’s a little more nuance to it than that.
According to Bloomberg, the seemingly counter-intuitive request has been made in order to identify potential risks to the platform. “The company isn’t encouraging malicious attacks,” they explained, “but it does want security researchers to spend more time poking holes in its flagship cloud service so the company can learn about flaws and fix them.”
This process is already common practice for Microsoft with their older products such as Windows or Office, but, as Azure is still relatively young, there have not been as many White Hat hackers working on the cloud.
Kymberlee Price, who oversees community programs in Microsoft’s Security Response Center, has said that there will soon be incentives in place to encourage hackers to test Azure’s security. This will include a “game-like reward system” to give the best bug-finders special perks and bragging rights – and, of course, a promise that they won’t face legal action for any successful infiltrations they make.
These reward systems have actually been in place for a while, but Price says, “It’s just not getting as much activity as I would like to see.”
As computer systems begin to rely more on cloud storage and products, though, the need for penetration testers and ethical hackers is on the rise.
“The level of sophistication of the attackers and the interest in (attacking) the cloud just continues to grow as the cloud continues to grow,” said Azure Chief Technology Officer, Mark Russinovich.
Russinovich has been preparing for the risks for years, though, and is well aware that a cloud-based system poses a potentially greater threat than Microsoft’s longstanding platforms. “When it comes to customers, it’s important to understand that the cloud doesn’t necessarily introduce new threats, but it can magnify them,” he said back in 2014. “It is that lack of control and awareness that the cloud can create, impacting data management and credentials, which is the most prominent threat to cloud security.”
But the weight of the task doesn’t entirely rest on hackers. As well as compensating bug-finders for their services, Microsoft is using machine learning processes to identify flaws with Azure. As part of a team alongside Amazon Web Services and Google, they then share the techniques and research in the hopes that all major cloud-based services will stay at least one step ahead of malicious attacks.