Microsoft Fumbles Security Again
Microsoft decides to store internal secrets on a public storage server open to the internet
Microsoft, do you guys do this just to see how hard you can make my conversations with CISO as a bet or something?
Seriously, how am I meant to go and battle with CISO and tell them they’re being unreasonable with their demands when you go and do things like this?
Suddenly all their policies to deny any inbound traffic from cloud, to require all data to be encrypted exclusively with on-prem generated keys, to encrypt data even if its sent over HTTPS or TLS, all seem perfectly sensible. Eminently reasonable.
Moving HPC workload to Azure gets a lot harder with stories like this in the news….
I’ve lost count the number of times I’ve been in meetings rooms with cloud solution architects that will proclaim that their security is as good, if not in fact better, than whichever banking client’s office we happen to be sitting in. It gets hard to take those kinds of claims at face value when things like this happen.
30 days to even secure the exposed secrets. Storing secrets on a storage server? In plain text? Come on.