Microsoft/Azure security concerns

Branching off from a different topic - I am curious if others share my concern with the underlying security of Microsoft’s core cloud platform (Microsoft365/Azure). In the aftermath of the SolarWinds debacle - it seemed like there were a series of breadcrumbs of information that led me to have serious concerns about how pervasive the breach into Microsoft’s core cloud infrastructure actually was. I have not independently researched this extensively - and honestly am not smart enough to do so if I wanted to - but from my limited knowledge, I saw enough to make me wonder whether the depth of the breach and what it would take to actually re-secure their infrastructure was being vastly understated simply because Microsoft is “too big to fail”.

Should I take off my tinfoil hat and just trust that Microsoft is on top of this or does anyone else think it is possible that there is a raging dumpster fire inside of Microsoft365/Azure that Microsoft is trying to keep under wraps while they get a handle on the depth of the problem?

Just a quick follow up/example of what I am referring to -

“Microsoft states that their investigation has shown that it is essential to assume a ‘Zero Trust’ philosophy, meaning that organizations should assume that all of their systems are unsafe and create security models based around this premise.”

Am I supposed to read that as “This investigation underscores that moving to a zero-trust security posture is a good security best practice to be moving towards” or “Microsoft cannot ensure the security of our core infrastructure and advises everyone to assume that everything is breached”?

Ronald Reagan said it best: “Trust but verify.” I don’t trust mega big tech.

The literal future of Microsoft hinges on 365/Azure and if they get compromised it will get ugly… They are building everything around their cloud infrastructure. It is their golden egg.
The latest builds of 10 and now 11 practically ram Azure AD down your throat. Personally, based on the last couple years with the complete lack of QA from Microsoft, I think it is not if but when.

1 Like

@davesn I do share your concerns. It’s one thing when we all had on-prem data centers. The targets were all spread out. Now with these huge cloud platforms there are many customers relying on Microsoft, Amazon, etc. not to leave a crack in the armor. Unfortunately we all know these things do and will continue to happen. I also believe that customers have a false sense of security. Another concern I have with Azure especially is the rate that the platform changes (think Windows upgrades on steroids) means it’s impossible for anyone to know the entire platform in enough detail to identify misconfigurations. I read this today and this article has a lot to say about Microsoft’s commitment to security: https://www.theregister.com/2021/10/18/microsoft_malware_brand/

2 Likes