Microsoft Boosts Software Security Following Azure Cloud Attacks
Image Source: Shutterstock.com
Security
Nov 2, 2023 7:00 PM

Microsoft Boosts Software Security Following Azure Cloud Attacks

by HubSite 365 about The Verge - Microsoft Posts
External Blog Post
Pro User

SecurityLearning Selection

Microsoft amplifies cybersecurity efforts with Secure Future Initiative following Azure cloud attacks

Microsoft, grappling with multiple high-profile cybersecurity incidents over the last few years, has launched a substantial cybersecurity initiative named the Secure Future Initiative (SFI). This marks the company's most significant security overhaul since its Security Development Lifecycle introduction in 2004. Microsoft aims to revolutionize how it designs, builds, tests, and operates its software and services through this initiative.

Key Points of the Secure Future Initiative (SFI):

  • Utilizing AI and Automation: 

    • Microsoft plans to extensively use automation and AI in software development.

    • Aims to enhance cloud service security, reduce the time needed to address cloud vulnerabilities, implement better default security settings, and fortify infrastructure to prevent encryption keys from being compromised.

  • AI-based Cyber Shield: 

    • Commitment to building an AI-based "cyber shield" to protect customers and countries globally.

    • Using AI to detect threats rapidly across its vast network of data centers.

  • Accelerating Vulnerability Mitigation: 

    • Aims to cut the time required to mitigate cloud vulnerabilities by 50%, aiming to reduce the industry-standard 90-day window for security fixes.

  • Strengthening Encryption Key Protection: 

    • In response to incidents of stolen signing keys, Microsoft is moving identity platforms to confidential computing infrastructure.

    • Ensures data remains encrypted even during computational processes.

  • Improving Security Defaults: 

    • Plans to implement more secure default settings for Multi-Factor Authentication (MFA) across a broader range of customer services over the next year.

Context and Background:

  • This initiative comes at a crucial time for Microsoft, following recent criticism of their cybersecurity practices and the mounting challenges posed by increasingly sophisticated cyber threats.
  • Microsoft has been at the center of major cybersecurity incidents, including the SolarWinds attack, a Microsoft Exchange Server flaw affecting 30,000 organizations, and a breach of US government emails via a Microsoft cloud exploit.

Conclusion:

Microsoft's Secure Future Initiative represents a comprehensive effort to bolster the company's cybersecurity defenses, addressing vulnerabilities, and aiming to stay ahead of increasingly sophisticated cyber threats.