CloudPassage Looks to secure your entire cloud infrastructure
Published in Shows and Events

Black Hat 2017, Las Vegas, NV -
The cloud has become one of those buzz words that people like to use when they want you to put your data or workloads on someone else’s computers and network. Amazon Web Services (AWS), Microsoft Azure, and some lesser known systems. The problem is that once you put your information into their network there is a lot that you have to do to ensure that your information or workloads are secure. Amazon, Microsoft and others are only going to take security so far for you and that leave you vulnerable.


Although Steve Ballmer is leaving Microsoft they have made statements that the company will continue to follow the plans he laid out for it; at least for the near future. Remember that Ballmer decided to cut the company back to only 4 divisions and decided to put people in charge of these divisions that are already running departments that are less than successful at this point. We have already given our analysis on these moves but want to remind you that most of these moves are intended to bolster Ballmer’s plans for Microsoft. But will Microsoft really follow these plans to the letter? We have a feeling that they will not once Steve is gone.


Microsoft as a corporate entity has had an interesting life cycle. When Bill Gates was in charge the goal was to build systems and software that would interconnect and build the back bone for corporate and home networks. Interoperability was the key and the folks at Microsoft insisted on creating their products to work now and also support older programs (and in some cases hardware). This was vital for their target market; the enterprise. Bill Gates knew that if he build a solid back ground in companies, universities, schools etc then it would spread to the consumer market. The plan worked and continued to work simply because most people want a similar experience across their computing platforms (remember this point). The move was brilliant and Microsoft managed to get themselves very firmly entrenched in the market.


Going as far back as the initial Build release of Windows 8 we picked up a change in Microsoft’s business plans and their push in the market. It was not a subtle shift as some will have you think. It was the type of shift that borders on the desperate. It is like seeing someone that knows they have run out of time grasping at anything to make something stick. At that time we knew that something had to change and it brought back a conversation I had with a couple of investors while waiting in line for an nVidia press conferences at CES in 2011. The conversation was about modular components and how manufacturers could create an independent revenue stream by allowing for modular upgrades and online services.  For some reason we ended up talking about Azure and how it had become something of a failure for what Microsoft had wanted it to be.


Today was a bad day for the cloud as first Google Talk, then Microsoft Azure, and finally Twitter all faced outages that ran into hours of downtime or intermittent problems. The incident highlights one of the problems that companies face in putting their eggs in very large baskets. The outages began with Google talk and kicked off around 4am this morning (7-26-2012). This was not a simple issue with being able to connect to the servers though, it was something more widespread.

17As consumers are becoming less and less enchanted with their wireless carriers we are now hearing that Microsoft is trying to take a leaf from their book of tricks. With a wireless provider the way to get people in the door is to offer great phones (like the iPhone, Google Nexus, Galaxy III Etc) for amazing prices, but then to require a two year commitment for service. This is exactly what Microsoft might be doing with the next round or XboX hardware.

animal_farm-pigsYou know, back a very long time ago (sometime in 2007 or so) I wrote an article on how dangerous the idea of cloud computing was (and is). The article centered around the fact that in almost 99 cases out of 100 the company that is responsible for the security of your information and services are going to spend as little as possible on maintaining them and securing them. They are banking on the hope that no one tries that simple exploit or can even find the servers in question. Or for that matter they put their trust in other companies to manage their security for them. These companies then do the same thing all over again all to make sure they keep the best profit ratio possible.