The Azure Security Lab takes the idea to the next level. It’s essentially a set of dedicated cloud hosts isolated from Azure customers so security researchers can test attacks against cloud scenarios. The isolation means researchers can not only research vulnerabilities in Azure, they can attempt to exploit them.
The Azure Security Lab isn’t open to the public — you have to apply. Microsoft is promising quarterly campaigns for targeted scenarios with added incentives, including exclusive swag. Security researchers will also be able to engage directly with Azure security experts.
“We have new scenario-based challenges with additional bounty awards of up to $300,000 in the Azure Security Lab. Throughout the year, more than $2 million of scenario bounty rewards will be offered to Azure Security Lab participants,” Kymberlee Price, Microsoft’s security community manager, told press ahead of the announcement. “The first scenarios will focus on breaking VM-based tenant isolation on Azure.”
Microsoft today also formalized its two-decade Safe Harbor commitment. These principles ensure security researchers receive recognition for their work.
Azure is Microsoft’s current cash cow. Securing its cloud is paramount not just to competing with Amazon Web Services and Google Cloud, but to Microsoft’s overall growth.