this post was submitted on 14 Jul 2023
123 points (99.2% liked)

Technology

73967 readers
3281 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
123
How a cloud flaw gave Chinese spies a key to Microsoft’s kingdom (arstechnica.com)
submitted 2 years ago by PopBobert@lemmy.world to c/technology@lemmy.world
16 comments fedilink hide all child comments
 

Hackers stole a cryptographic key that let them forge user identities and slip past defenses.

you are viewing a single comment's thread
view the rest of the comments
[–] anon@kbin.social 2 points 2 years ago

I agree with you.

A company’s core business and skillset is rarely to manage an on-prem IT infrastructure, which is a highly complex endeavor these days. Security most always benefits from being put in the hands of cloud providers such as Microsoft, Amazon, or Google, who can mobilize the best talent and apply economies of scale and modern best practices to cybersecurity across an entire stack.

It also means far fewer liability headaches for the companies that transfer this difficult and onerous responsibility to cloud providers. It’s not even necessarily cheaper to go full cloud; I’ve seen multiple examples where it wasn’t, but the reduction in complexity and liability made common sense. So even the “LaTe-StAgE CaPiTaLiSm!!” claim is just a tired trope at this point.

It’s easy to focus on one publicized exploit of Microsoft’s cloud like this one, and not see the other side of the argument of how many exploits were avoided over the years by not having individual companies manage their own servers. It’s still entirely plausible that the general move to cloud infrastructure since the late 2000s is a net win for cybersecurity in aggregate.

I would also add that whether other cloud customers might be breached simultaneously in the extremely rare event of a cloud-wide exploit is not a consideration when a company decides to move from on-prem to cloud. It’s just a Moloch problem that doesn’t and shouldn’t concern them.