A US cyber safety body will review issues relating to cloud-based identity and authentication infrastructure that will include an assessment of a recent Microsoft breach that led to the theft of emails from US government agencies.
The review by the Cyber Safety Review Board will look at the malicious targeting of cloud computing environments, the US Department of Homeland Security (DHS) said in a statement.
“Organisations of all kinds are increasingly reliant on cloud computing to deliver services to the American people, which makes it imperative that we understand the vulnerabilities of that technology,” DHS secretary Alejandro Mayorkas said in the statement.
The review comes after US Senator Ron Wyden in July asked the Federal Trade Commission, the Cybersecurity and Infrastructure Security Agency and the Justice Department to “take action” against Microsoft following the hack.
Microsoft has been under increasing scrutiny following revelations that hackers allegedly operating on Beijing’s behalf got hold of one of its cryptographic keys and took advantage of a coding flaw to gain sweeping access to the company’s cloud email platform.
The Cyber Safety Review Board’s review will provide recommendations to help organizations protect against malicious access to cloud-based accounts , DHS said.