Saturday, November 25, 2017

Microsoft cybersecurity spending skyrockets to $1bn, much of it is used to protect Azure data centres

Company claims Azure to “represent the cutting edge of cloud security and privacy”.

Being in the Top 3 of the global public cloud providers arena has its challenges and one of them is around cybersecurity, an area which has in recent months sparked much chaos and concern globally.

Microsoft has now unveiled it is spending $1bn every year to keep cybersecurity PR nightmares at bay, and a large chunk of the sum is being put towards the protection of Azure cloud data centres.

Kushagra Vaid GM, Azure Hardware Infrastructure, said in a blog post: “Microsoft spends one billion dollars per year on cybersecurity, and much of that goes to making Azure the most trusted cloud platform.

“From strict physical data centre security, working to ensure data privacy, encrypting data at rest and in transit, novel uses of machine learning for threat detection, and the use of stringent operational software development integrity controls, Azure represents the cutting edge of cloud security and privacy.”

Microsoft has previously released that it has spent between $15bn to $20bn in building out Azure.

Microsoft Azure’s current and future global footprint. Source: Microsoft Azure


From Project Olympus to Project Cerberus

Building on its cybersecurity efforts, Microsoft has launched Project Cerberus on the back of Project Olympus launched at the end of 2016.

Project Cerberus, an open hardware initiative, has been designed to help defend platform firmware from several threats, including malicious insiders with administrative privilege or access to hardware, hackers and malware that exploit bugs in the operating system, application, or hypervisor, supply chain attacks, and compromised firmware binaries.

“Project Cerberus consists of a cryptographic microcontroller running secure code which intercepts accesses from the host to flash over the SPI bus (where firmware is stored), so it can continuously measure and attest these accesses to ensure firmware integrity and hence protect against unauthorized access and malicious updates,” Vaid explained.

“This enables robust pre-boot, boot-time and runtime integrity for all the firmware components in the system.”

He continued: “Just as with the Project Olympus open source model, we anticipate that contributing Project Cerberus specifications will enable robust participation from the OCP ecosystem for community development amongst industry participants, and this open collaboration will lead to a more secure model for platform security which will benefit the industry.”