The SolarWinds hack invaded at least nine U.S. government agencies and 100+ corporations. Now, Microsoft is at odds with Dell Technologies and IBM on the best way to secure data. Microsoft president Brad Smith stated that “cloud migration is critical to improving security maturity,” but the other two companies opine that a hybrid cloud and on-premise data storage is preferable. Smith stated that all the breached accounts Microsoft identified involved on-premise systems and that a hybrid system is more vulnerable to attacks.
The Wall Street Journal reports that, at Red Hat, the business acquired by IBM two years ago, chief executive Paul Cormier stated that the hybrid cloud solution is not less secure. “Any software could get broken into,” he said. “The cloud providers could get broken into as well.”
Amazon and Microsoft pioneered cloud-based hardware and software that enables companies to pay for services rather than buy expensive gear. Security researchers revealed that, “there is no indication Amazon’s systems were directly breached, but hackers used its sprawling cloud-computing data centers to launch a key part of the attack.”
Amazon, although it wasn’t part of a Senate hearing on the SolarWinds attack, “shared with law enforcement what it knew and had briefed government officials and lawmakers.”
Cormier added that, “expecting customers to shift all of their data to the cloud is impractical,” especially those companies that are “required to keep data on-premises for security or regulatory reasons.” Some cybersecurity experts believe that “one of the biggest security concerns around cloud computing is fear that the compromise of a service provider could lead to a broad set of its customers having their data accessed.”
Hewlett Packard Enterprise (HPE) senior vice president of hybrid-cloud services Keith White reported that none of its customers were hacked during the SolarWinds attack. “One key reason to keep things on-premise is because the customer wants to know where their data is,” he said. Dell Technologies senior vice president Deepak Patil added that, “the reality is, look at a majority of customers, their workloads are running on-prem.”
Microsoft responded that it sells “security options for both cloud and on-premises deployments,” and Smith added that, “when Microsoft’s cloud services are attacked, we can detect anomalies and indicators of compromise in ways that are not possible in an on-premises environment.” Microsoft was also attacked, with “some of its source code used to write software downloaded” and hackers viewing “software linked to Microsoft’s Azure cloud.”
Russia is widely believed to be behind the attack, which that country denies.