In the Press
Photo via U.S. Patent and Trademark Office
Microsoft wants to keep the cloud locked up.
The tech firm is seeking to patent a method of “cloud attack detection” that uses API access analysis. Microsoft’s system essentially tracks user access data related to cloud programs to proactively figure out if an attempted log-in is indicative of a cyber attack.
“Attackers that get access to cloud compute resources through the API can leverage easy access to the metadata server to steal a token,” Microsoft said in the filing. “An improved cloud resource security method can detect attempts to steal cloud identities.”
Microsoft’s system uses a machine learning model to monitor and detect anomalies in an API access log. For reference, an API in this context is what allows cloud services to communicate with one another, and access logs just represent the requests users have made to bridge that communication and access certain features.
This model catches anomalies by essentially tracking if an access request came from the cloud provider that the resource is stored in. For example, if a user is seeking to access a program in Microsoft Azure, but the request comes from a user of Google Cloud, then this system may flag it as needing further vetting.
When it deems that a user attempting to gain access is fishy, it performs what Microsoft calls a “security mitigation action.” This could be checking the legitimacy of the log-in access request, performing an anti-malware scan on the resource the user is attempting to log into, or removing the user’s access permissions entirely. It’ll also alert both Microsoft operators and the operators of the other cloud service platforms (such as Google Cloud or AWS).
A system like this adds an additional layer of security and mitigates attacks before anything bad happens, rather than reacting to them after the fact.
Cloud cyber attack defense is a major concern among cloud providers, especially in the age of AI, said Trevor Morgan, VP of product at OpenDrives. AI models can be trained using GPUs via cloud providers, a service which Microsoft offers through Azure. Plus, AI training requires tons of data, a lot of which may be sensitive or personal depending on the model being trained.
“AI is going to magnify the volume of data (transfers) and requests – that curve is going to start going up, if not exponentially,” said Morgan. “And the more automation you have, the less human eyeballs are on things. So this (patent) is preparing for what AI is about to do with cloud computing.”
Cybersecurity patents like this also give Microsoft a stronger play for market share against Amazon’s AWS, which it battles both in the cloud and AI markets. And according to CRN, though AWS is still the industry leader, Microsoft has started closing the gap, ending the fourth quarter with a market share of 24%, leaving AWS at 31%.
This patent in particular adds an additional layer of security to cloud environments seemingly as a method of due diligence as it continues to work on lucrative government contracts. While government agencies have opened up to the idea of using cloud computing, they often have a “zero trust policy,” which “ultimately means trust nothing, and don’t let anyone access anything,” said Morgan.
“That doesn’t work in the real world,” said Morgan. “But our federal government does not take kindly to cloud platforms being compromised in any way … So this is just a means of being stringent.”