What I don’t understand how this is not a mainstream news. This could have potentially impacted so many companies and governments… This is huge and it deserves to be widely known. Same hacking technique could have been used elsewhere. It requires a broad investigation
I’m with you there. More and more of these companies are shifting from on-premise hosting of their files to the cloud. On-premise required each company to have been breached individually for a bad actor to gain access. Now all of them moving to M365 in the same MS cloud means just a single breach gives access to a nearly bottomless amount of data. Just seems like companies are making short sighted choices for cost reduction over thinking about the potential long-term repercussions for putting their intellectual property and untimely their fates, in the hands of third party.
Well partly. Microsoft hosts US government data in a separate cloud than the rest of us, but having that get popped is pretty bad with all the FedRAMP security stuff in play.
These things are inevitable whether you host everything yourself or in the cloud. The latter simply has to be more secure than the former. And it probably is in many cases.
Just seems like companies are making short sighted choices for cost reduction over thinking about the potential long-term repercussions for putting their intellectual property and untimely their fates, in the hands of third party.
Welcome to late stage capitalism baby! It’ll only be a short stay though because these assholes are going to implode the planet looking for their next quick buck.
I swear sometimes it feels like capitalism is the boogeyman behind everything with some people.
This has nothing to do with late stage capitalism and everything to do with how cheap compute is becoming. Fact is that it’s just much more convenient to have everything in a managed cloud. You don’t need to manage your own servers, take care of maintenance, upgrades, etc. This removes a fuckton of overhead from your organization.
I’ve been part of on prem to cloud transitions at 3 different companies, and I saw the benefits firsthand. You can replace entire departments, and the contract your signing means you’re protected against pretty much any fuckup from the provider’s side.
Not to mention, I guarantee Microsoft’s cloud is more secure than 99.9% of the server rooms it replaced.
A company’s core business and skillset is rarely to manage an on-prem IT infrastructure, which is a highly complex endeavor these days. Security most always benefits from being put in the hands of cloud providers such as Microsoft, Amazon, or Google, who can mobilize the best talent and apply economies of scale and modern best practices to cybersecurity across an entire stack.
It also means far fewer liability headaches for the companies that transfer this difficult and onerous responsibility to cloud providers. It’s not even necessarily cheaper to go full cloud; I’ve seen multiple examples where it wasn’t, but the reduction in complexity and liability made common sense. So even the “LaTe-StAgE CaPiTaLiSm!!” claim is just a tired trope at this point.
It’s easy to focus on one publicized exploit of Microsoft’s cloud like this one, and not see the other side of the argument of how many exploits were avoided over the years by not having individual companies manage their own servers. It’s still entirely plausible that the general move to cloud infrastructure since the late 2000s is a net win for cybersecurity in aggregate.
I would also add that whether other cloud customers might be breached simultaneously in the extremely rare event of a cloud-wide exploit is not a consideration when a company decides to move from on-prem to cloud. It’s just a Moloch problem that doesn’t and shouldn’t concern them.
Add comment