Customers must protect their own identity infrastructure



[ad_1]

Microsoft is urging customers to embrace the cloud for security, warning customers with on-premises services that they are responsible for protecting their own identity infrastructure.

The Redmond, Washington-based software giant strongly recommends that customers manage identity and access from the cloud, noting that with Azure Active Directory, Microsoft is responsible for protecting the cloud’s identity infrastructure. . Microsoft said it was able to detect and remediate attacks that no one else could see with the visibility provided by enterprise cloud-scale machine learning systems.

“We were also reminded of the importance of cloud technology over on-premises software,” wrote Vasu Jakkal, Microsoft’s vice president for security, compliance and identity, in a blog post. Thursday. “Cloud technologies such as Microsoft 365, Azure, and the additional premium service layers available as part of these solutions enhance an advocate’s ability to protect their own environment.”

[Related: SolarWinds Hackers Kept Going After Microsoft Until January]

Microsoft said Thursday that SolarWinds hackers were able to download source code for its Azure, Exchange and Intune cloud products. The downloaded Azure source code was for subsets of its service, security and identity components, according to Microsoft.

Organizations that delegate trust to on-premises components in deployments that connect on-premises infrastructure and the cloud find themselves with an extra seam they need to secure, the Microsoft Security Research Center (MSRC) wrote in an article blog post Thursday. As a result, if an on-premises environment is compromised, Microsoft has said there is an opportunity for hackers to target cloud services, the MSRC said.

Many organizations with hybrid deployments delegate trust to on-premises components for critical decisions about authentication and health management of directory objects, according to Alex Weinert, director of identity security at Microsoft. But if the on-premises environment is compromised, Weinert said these relationships of trust mean that hackers can also compromise a victim’s Microsoft 365 environment.

“As we have seen in recent events related to the SolarWinds compromise, the on-premises compromise can spread to the cloud,” Weinert wrote in a December 18 blog post. “Since Microsoft 365 acts as the ‘nervous system’ for many businesses, it is essential to protect it against compromised on-premises infrastructure.”

SolarWinds hackers have taken advantage of Microsoft’s technology on numerous occasions to attack emails from US government agencies or private sector organizations. Hackers infiltrated the email system used by senior Treasury Department management by performing a complex step in Microsoft Office 365 that made the Treasury system believe the hackers were legitimate users.

SolarWinds hackers attempted unsuccessfully to enter CrowdStrike and read its emails through the Azure account of a Microsoft reseller responsible for managing CrowdStrike’s Microsoft Office licenses. Additionally, the certificate used to authenticate Mimecast’s Sync and Recover, Continuity Monitor, and Internal Email Protect products to Microsoft 365 has been compromised by SolarWinds hackers.

The chief technology officer of a large national solutions provider who asked not to be named warned that the cloud doesn’t solve everything from a security standpoint and urged customers to determine for themselves, burden of work per workload, if cloud or on-premises are more suitable. For some customers, the CTO said more customization was available on-site for security configuration and management.

“I don’t think it’s technically sound for Microsoft to deny responsibility [the SolarWinds hack] on-premise software and things like on-premise services, ”the technical director told CRN. “A cloud provider, like Microsoft, is not entirely responsible for compliance, privacy, and any security a business may need.”

Microsoft’s on-premise warning flies in the face of a hybrid cloud strategy to secure a customer’s most valuable assets with the best security technologies, said Bob Venero, CEO of Holbrook, solutions provider New York-based Future Tech Enterprise, No. 96 on CRN 2020 500 solution provider.

“The message that the cloud is more secure than the on-premises vendor or local customer is an ambitious statement,” Venero said. “The point is, big cloud providers like Microsoft Azure are higher targets. They are constantly bombarded by bad actors to gain access to their organizations. They are a bigger target with their tens of thousands of customers compared to me who locks down my local on-premise scenario using the best technologies and tools from different security ecosystem vendors.

Jakkal acknowledged in his blog post Thursday that Microsoft was “of course” a prime target for SolarWinds hackers given the expansive government and commercial use of Microsoft’s productivity tools as well as the company’s leadership in security. . Media reports and industry figures like Alex Stamos have attributed the SolarWinds hack to the Russian Foreign Intelligence Service, or SVR.

As for Venero, he sees “embracing the cloud” for a more secure infrastructure as a “give me everything” approach that puts the customer at greater risk. “We can strengthen an on-premise solution and provide better security with a hybrid cloud approach versus someone deciding to outsource all of their data, strategic organizational information, financial data, and personal information to a single vendor. cloud, ”he said.

The all-in-one cloud methodology also ignores the exponential increase in the number of cloud provider employees who have access to customer data, Venero said. “You increase your risk footprint just by the simple fact that you outsource to a global cloud provider,” he said.

Venero raised the case two years ago of a former Amazon Web Services software engineer arrested in connection with the Capital One breach in spring 2019, which ended up exposing the personal information of 106 million card applicants. credit and customers in the United States and Canada. In this case, Capital One agreed to pay $ 80 million to settle federal charges related to hacking its computer systems in 2019, which was one of the biggest financial data breaches.

Venero said there were also issues with cloud providers who could shut down a customer due to data or information hosted in the cloud. “What if a defense contractor has information about a weapon of tactical destruction and the cloud provider doesn’t agree with it socially?” Venero said. “Think about that risk.”

Future Tech itself is sticking to its hybrid cloud recommendation to customers, Venero said. “Microsoft’s message is, ‘Give us everything, give us your hunger, your fatigue and your poor,” he said. “They believe in a world where on-premise is not necessary for businesses. For some organizations, this may be the case. For businesses and government agencies, this is not appropriate. They can’t have all of their eggs in one basket that they don’t control. Then it’s not your systems, or your people, or your processes, policies and procedures, it’s theirs now. “

Venero said he is seeing more and more customers moving to the cloud to save money, but then realize the savings are falling short. “The challenge is getting out of the cloud after you’ve done everything, and sometimes it’s just prohibitively expensive, so they end up staying there,” he said. “We have seen it in many cases.”

Venero’s advice to customers: “Our message will always be the same: you need a hybrid on-premise and cloud approach. Each of these approaches will be specific to the customer, their business, their applications and the way they measure risk in their organization. Once you get the hang of it, you can create the right cloud strategy that can give you the best of both worlds. That’s what we’re here to do for our valued customers. “

CRN has reached out to Microsoft for comment on this story but had not received a response at press time.

[ad_2]
Source link