Microsoft is launching a broad restructuring of its software security in response to a string of cybersecurity incidents. The company is a frequent target of threat actors, with major breaches involving its Azure cloud platform in recent years. Given the increasing sophistication of these threats, Microsoft has decided to pursue a significant transformation in how it develops, tests, deploys, and operates its software and services, named the Secure Future Initiative (SFI). This initiative is being hailed as the most considerable security revamp since Microsoft's Security Development Lifecycle (SDL) of 2004.
Transition to AI & Automation-driven Cybersecurity
It is no surprise to see that Microsoft will introduce modern technology tools such as artificial intelligence (AI) and automation to radically enhance its security provisions. The aim is to expedite the detection and fixing of software vulnerabilities, improve the reliability of security configurations, and bolster infrastructure robustness, safeguarding against encryption keys being exploited by malicious actors.
Code scanning technology CodeQL, developed by GitHub, will be integrated as Microsoft pivots to a more intrusive, AI-driven model for threat detection and software development. CodeQL will conduct both static and dynamic analyses of code, accelerating the discovery and resolution of software bugs.
If you're unfamiliar with CodeQL, it is a code analysis engine that builds a database capturing a model of the code as it is compiled. This database can then be queried for analysis and inspection. Microsoft used CodeQL when investigating the Solarigate malware to allow scalable analysis of the code.
As an extension of this AI-inclusive methodology, Microsoft envisions the establishment of an AI-based 'cyber shield'. This shield, powered by Microsoft's global network of datacenters, is expected to detect threats with unprecedented speed, hence neutralizing them before they can cause significant damage.
Efforts to Improve Response Time
Critics have pointed out that Microsoft's response time to security vulnerabilities has been underwhelming, particularly in reference to an Azure flaw flagged by cybersecurity firm Tenable. The company's Secure Future Initiative promises a significant improvement in response times. By channeling tech innovations and automation, Microsoft plans to reduce the time it takes to mitigate cloud vulnerabilities by 50 percent.
Improvements are also projected in the handling of encryption keys. This follows an incident where a Microsoft cloud exploit was used by Chinese hackers to breach US government emails. Microsoft is moving identity platforms to a confidential computing infrastructure to ramp up security. This approach ensures that identity data remains encrypted throughout all stages of processing: at rest, in transit, and during computation.
Focus on Default Security Settings
In addition to exploring AI and automation, Microsoft aims to improve default security settings. The company will offer customers enhanced default settings for Multi-Factor Authentication (MFA) over the next year. This aims to make access to critical resources safer, primarily for services where customers need this protection the most.
In September, Microsoft AI researchers accidentally exposed an alarming 38TB of data, thanks to an Azure feature called SAS tokens. Shared Access Signature (SAS) tokens are a kind of security token provided by Microsoft Azure, giving clients restricted access to Azure resources without needing to use Azure account keys. SAS tokens are tricky to manage and revoke, and while Microsoft hasn't explicitly outlined its plans concerning SAS tokens, they are expected to be part of the Secure Future Initiative's security overhaul.
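An added example (not from the article or from Microsoft) of why SAS tokens are hard to manage: a small Python audit that reads the query parameters of a SAS URL and reports wide permissions, long lifetimes and tokens that cannot be revoked through a stored access policy. The 7-day lifetime threshold, the function names and the sample URLs are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

SAFE_PERMS = set("rl")  # read and list; any other letter can change data

def _parse_time(value):
    # SAS times are ISO 8601 UTC, e.g. 2024-01-01T00:00:00Z
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def audit_sas_url(url, now, max_lifetime=timedelta(days=7)):
    """Return a list of findings for one SAS URL; the signature is never echoed."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in q:
        return ["not a SAS URL (no sig parameter)"]
    findings = []
    if "srt" in q:  # srt only appears on account-level SAS tokens
        findings.append("account SAS: scope is the storage account, not one resource")
    extra = set(q.get("sp", "")) - SAFE_PERMS
    if extra:
        findings.append("permissions beyond read/list: " + "".join(sorted(extra)))
    if "se" in q:
        expiry = _parse_time(q["se"])
        if expiry <= now:
            findings.append("already expired")
        elif expiry - now > max_lifetime:
            findings.append(f"expires in {(expiry - now).days} days (policy: {max_lifetime.days})")
    elif "si" not in q:
        findings.append("no expiry and no stored access policy")
    if "si" not in q:  # si names a stored access policy that can be edited or deleted
        findings.append("ad hoc SAS: revocation means invalidating the signing key")
    if q.get("spr", "https,http") != "https":  # service default allows both
        findings.append("HTTP allowed (spr is not https-only)")
    return findings

# Constructed sample URLs; account, container, policy and signature are placeholders.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
BROAD = ("https://exampleacct.blob.core.windows.net/?sv=2022-11-02&ss=b&srt=sco"
         "&sp=rwdlac&se=2034-01-01T00:00:00Z&sig=PLACEHOLDER")
NARROW = ("https://exampleacct.blob.core.windows.net/data/report.csv?sv=2022-11-02"
          "&sr=b&si=readers&se=2024-01-02T00:00:00Z&spr=https&sig=PLACEHOLDER")

if __name__ == "__main__":
    for name, url in (("broad", BROAD), ("narrow", NARROW)):
        print(name, audit_sas_url(url, NOW))
```

Run over URLs found in repositories, configuration files or logs, an empty result means the token is short-lived, read-only or policy-bound, and HTTPS-only; it does not mean the data behind it is safe to share.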