CNBC has published a story reporting an announcement from Microsoft that warns thousands of cloud customers about exposed databases. This warning has come from an email issued by the technology firm.
In the email, Microsoft states: “We have no indication that external entities outside the researcher (Wiz) had access to the primary read-write key.” Perhaps not, but a level of concern continues to exist.
In issuing the warning, Microsoft has cautioned thousands of its cloud computing customers, including some of the world’s largest companies, that intruders could have the ability to read, change or even delete their main databases.
The news follows a situation where Microsoft was breached by the same suspected Russian hackers that infiltrated SolarWinds, who also stole Microsoft’s source code. Ransomware groups began using the flaw to install their malicious programs.
The story comes at an interesting time, with many businesses moving data to the cloud amidst the pandemic but neglecting to protect that data beyond perimeter security. Cloud computing cloud computing delivers computing services – including servers, storage, databases, networking, software, analytics and intelligence – over the Internet, and represents an increasingly used business service.
Looking into the matter for Digital Journal is Gary Ogasawara, CTO of Cloudian.
Ogasawara begins my commenting on the importance of the announcement and its ramifications: “Microsoft’s warning should serve as a wakeup call for organizations relying solely on their cloud provider for security.”
He adds that the affected companies have no option other than to “Take matters into their own hands to safeguard their data, most importantly protecting it at the storage layer.2
As to how to manage this, Ogasawara recommends: “This includes encrypting data both in flight and at rest to keep cybercriminals from reading it or making it public in any intelligible form.”
He adds as a further thought: “In addition, organizations should have an immutable (unchangeable) backup copy of their data. Immutability prevents such criminals from altering or deleting the data and ensures the ability to recover the uninfected backup copy in the event of a ransomware attack, without having to pay ransom.”