Microsoft Fumbles Security Again

Microsoft decides to store internal secrets on a public storage server open to the internet

Microsoft, do you guys do this just to see how hard you can make my conversations with CISO as a bet or something?

Microsoft employees exposed internal passwords in security lapse | TechCrunch
The tech giant secured a cloud storage server that was inadvertently spilling Microsoft internal data and credentials to the open internet.

Seriously, how am I meant to go and battle with CISO and tell them they’re being unreasonable with their demands when you go and do things like this?

Suddenly all their policies to deny any inbound traffic from cloud, to require all data to be encrypted exclusively with on-prem generated keys, to encrypt data even if it's sent over HTTPS or TLS, all seem perfectly sensible. Eminently reasonable.

Moving HPC workloads to Azure gets a lot harder with stories like this in the news…

I’ve lost count of the number of times I’ve been in meeting rooms with cloud solution architects that will proclaim that their security is as good, if not in fact better, than whichever banking client’s office we happen to be sitting in. It gets hard to take those kinds of claims at face value when things like this happen.

30 days to even secure the exposed secrets. Storing secrets on a storage server? In plain text? Come on.