UPDATED 18:38 EDT / AUGUST 05 2019

Offering $300K to hack its cloud, Microsoft launches new Azure Security Lab

Microsoft Corp. announced today at the Black Hat USA Conference in Las Vegas the creation of a new Azure Security Lab that it believes will bolster the security of its public cloud service.

The company said that Azure Security Lab is an isolated set of dedicated cloud hosts designed to be tested by security professionals in order to strengthen the defenses of its cloud systems. The lab is isolated to ensure that anyone who is invited to “confidently and aggressively test Azure” will not disrupt the service while they’re doing so.

Microsoft’s own security researchers will work alongside the invited security pros to study the results of those tests. And Microsoft is encouraging security pros to “come and do their worst” to ensure that no stone is left unturned in its effort to find vulnerabilities within Azure.

“The isolation of the Azure Security Lab allows us to offer something new: Researchers can not only research vulnerabilities in Azure, they can attempt to exploit them,” the company said when announcing the project. “Accepted applicants will have access to quarterly campaigns for targeted scenarios with added incentives, as well as regular recognition and exclusive swag.”

Microsoft is accepting applications from security researchers who would like to test Azure now. The company is offering a sizable bounty too, with rewards of up to $300,000 promised for those who can crack its security challenges.

In addition, Microsoft is upping the rewards on offer in its traditional Azure bug bounty program from $20,000 to $40,000. The company said it has paid out over $4.4 million in rewards over the last 12 months, up from $2 million a year ago. Now it’s teasing would-be hackers with even greater incentives.

The whole idea of bug bounties is that they encourage outsiders to test security systems for vulnerabilities and other bugs that could potentially put corporate assets and user data at risk. Companies would rather hand out rewards than see their systems get hacked, as any security breach could be far more costly, hitting their reputation as well as their bottom line.

As well as the increased rewards, Microsoft said it’s now accepting Safe Harbor principles, which means that security researchers can identify and report vulnerabilities in its systems without fear of legal repercussions.

Microsoft’s rivals offer similar bug bounty programs. Google LLC recently upped its maximum reward to $30,000 for “high quality” reports of vulnerabilities, up from its previous cap of $15,000.

Analyst Holger Mueller of Constellation Research Inc. said it was a sign of confidence from Microsoft that it’s inviting so-called white-hat hackers to try to break into its cloud.

“It’s a great approach to accelerate the efforts of infrastructure-as-a-service vendors to make their clouds more secure,” Mueller said. “One can hope Microsoft’s competitors will follow this initiative. But executives need to be reminded that direct hacking is the lesser threat than social engineering, which they still have to protect their enterprises from.”
