To ensure the safety of the cloud computing system, Microsoft is seeking to attract the attention of white-hat hackers and security experts, who often help technology companies discover security holes.
Microsoft currently wants security experts to hack more often into Azure. Even, Microsoft is ready to pay generous bonuses if researchers find a flaw. The software giant also offered to waive legal liability in case white hat hackers "hurt" customers who use Azure.
Microsoft does not encourage malicious attacks, but they want researchers to spend more time finding security holes of Azure cloud services. This will help Microsoft save a lot of time and effort in finding and fixing holes.
Currently, many white-hat hackers are involved in finding bugs for Microsoft's old products such as Windows, Offices and web browsers. However, according to Kymberlee Price, who oversees community programs at Microsoft Security Response Center, there are not many security researchers participating in finding bugs on Azure.
Microsoft is offering lots of great bonuses and other perks but has yet to attract the number of researchers we want, Price said.
This is a worrying issue as the cloud array is becoming increasingly important, bringing a majority of revenue to Microsoft. The transition to cloud computing is changing the situation of network security, bringing new opportunities and new challenges. One of the biggest risks is that Microsoft is running a cloud computing service for customers who rent it, which means the software giant is supposed to protect them.
Microsoft is planning to launch a so-called Safe Harbor statement, which will help developers comfortably rummage and report vulnerabilities without worrying about legal trouble. "We always do this but have never officially stated it. It is important to have a formal policy to ensure that researchers can freely go into cloud computing systems but don't worry about having legal problems if you accidentally knock down a service or interrupt access to customer data ", Ms. Price added.
When he first worked at Microsoft in the 2000s, Price was one of the pioneering security engineers to collaborate with security researchers and white-hat hackers instead of treating them as rivals. She left in 2009 and returned to Microsoft about 2 years ago.
According to Mark Russinovich, Azure Technology Manager, hackers are still targeting business networks more often than cloud computing, but things are changing. The sophistication of hackers and the interest in cloud computing will be directly proportional to the speed of cloud computing, Russinovich added.
Meanwhile, Steve Dispensa, general manager of cloud security and AI at Microsoft, said sharing data between big security partners will also help prevent hackers from becoming more efficient. Microsoft wants to share confidential information with people, as long as it does not affect customer privacy data, Dispensa said.
"It is foolish to always assume we are smarter than hackers, they always grasp weaknesses before we realize it to correct it.", Dispensa shared. "We will publish security data so that everyone can learn from each other, the tide will lift all boats up and down."