From Inside the Cloud: What does Microsoft do to prepare for emerging security threats to Office 365?

Chang Kawaguchi is a group engineering manager for security for Office 365, Travis Rhodes is a lead security software engineer for Office 365 and Vijay Kumar is a senior product manager for Office 365.

If you have been following the From Inside the Cloud series, we regularly bring you an insider’s view on how we operate and manage the Office 365 service for security, privacy and compliance directly from the people behind the service.

Recently, there have been a number of cyber security related news articles about vulnerabilities and exploits. If you are wondering if the Cloud increases your data risk, in this week’s episode we focus on the measures that Microsoft has in place to prepare for emerging security threats to Office 365 as well as Microsoft Azure.

As we explain in this short video, we operate under the assumption that no computer system is perfectly secure, so we invest heavily in the “Assume Breach” approach.

Our colleague, Vivek Sharma, in his discussion on whether your data is safe at rest, highlighted the role of the Red and Blue teams as part of our “Assume Breach” approach.

And as core strategists of this approach for Office 365, today’s post focuses further on explaining the role of our Red team, an internal dedicated team of “white hat” hackers from varied industry backgrounds such as broader technology industry, defense and government, who conduct penetration testing on our system.

As a team, we push ourselves to creatively anticipate and simulate attacks from real-world adversaries using Tactics, Techniques and Procedures (TTP) that we know from ongoing research on emerging threats and trends. This then leads to the proactive exploration of vulnerabilities during a phase we call “reconnaissance” followed by “exploitation” where we try to bypass protections that may be in place and then lastly attempts to “access” the data. We in fact offer a number of examples of how we may go about this in this video.

Of course, as we do this there are clear rules of engagement to ensure that as we test the system we do not target customer data, impact service availability or compromise existing in place security.

Further, balancing the Red team is the Blue team whose role it is to monitor activities within the system to detect anomalous behavior and take action. As hard as the Red team is trying to find and exploit vulnerabilities the Blue team is trying to detect, investigate and mitigate security events.

Our red and blue teams work together within engineering to fix and harden the service. You can see and hear more on the Blue team’s work in our next post on Office Blogs, with lead engineer Matt Swann, who takes us behind the scenes of intrusion detection.

The combined efforts of our teams go toward improving detection by evolving our machine learning algorithms for the detection of anomalous activity as well as incident response.

We hope that today’s explanation offers a useful overview of how we prepare and plan for emerging security threats to keep your data safe. You can learn more about the ”Assume Breach” approach that Microsoft Azure and Office 365 utilize by visiting the Red team blog.

Let us know what else you would like us to cover in this series—send us your comments and questions and of course you can find by visiting the Office 365 Trust Center.

 Editor’s Note 11/11/2014
This post was updated to include Microsoft Azure, in addition to Office 365,  as part of the measures in place to prepare for emerging security threats.