“All of the attacks we’ve identified started “on premise”. And yet we only have direct visibility to the attack when it then moved to the cloud.” Brad Smith, President, Microsoft
“This is virtually a declaration of war”, fumed US Senator Dick Durbin when the SolarWinds hack came to light with links to a suspected Russian group. The whole Solorigate attack has now boiled down to “Do you use cloud or not?” At least, that is how Microsoft sees it, going by its recent testimony at the committee hearings.
According to reports, the hackers slipped malicious code into SolarWinds’ own software updates, which were shipped to about 18,000 customers, including Microsoft and FireEye. They also found their way into systems belonging to the Department of Homeland Security, the State Department, and the Treasury and Commerce departments.
In a joint hearing on Friday, former SolarWinds CEO Kevin Thompson blamed an intern for posting the naive “solarwinds123” password on their own private GitHub account. The Solorigate victim count includes nine federal agencies, including agencies that oversee nuclear weapons. Last month, Microsoft released a statement admitting that the Solorigate hackers were able to access internal systems within the company and view internal source code used to build software products.
Microsoft President Brad Smith, who has been representing the company in all the hearings, said the Solorigate investigation indicates that all the attacks started “on premise”, and that the attack was only exposed when it hit cloud services.
Hot Takes By Microsoft
- One cannot understate the role of the cloud in mitigating these types of attacks.
- The Solorigate attack was successful because the Russian hackers were able to compromise on-premises identity systems.
- Microsoft’s cloud services allow users to detect anomalies and indicators of compromise in ways that are not possible in an on-premises environment.
- Using cloud services for identity management is safer and more secure than on-premises identity systems.
The Azure Assurance
Brad Smith, Microsoft President at Oversight Committee hearings
According to Smith, the known victims of Solorigate are only the tip of the iceberg, and all of the attacks that were identified started on premise.
“It is highly likely that there remain other victims not yet identified, perhaps especially in regions where governments and other organizations where cloud migration is not as far advanced as it is in the United States.”
Microsoft looks at the SolarWinds attack as a moment of reckoning. The company is now urging every organisation to adopt a Zero Trust plan to defend against future attacks. Apart from Zero Trust, Microsoft also recommends that companies embrace the cloud. In his testimony, Smith reiterated how critical cloud migration is to improving security maturity across organisations.
According to Microsoft, the cloud allows customers to leverage the company’s powerful AI, ML and defense-in-depth services that most companies simply “could not develop” on their own. Microsoft’s platform and services assess over eight trillion security signals every day. “In 2020 over 30 billion email threats were blocked by Microsoft cloud technology,” explained Microsoft in a blog.
When customers rely on on-premises services like authentication servers, they are responsible for protecting their own identity infrastructure. Azure, however, protects the identity infrastructure from the cloud, Microsoft claimed.
Brad Smith, in his written testimony, also reminded the committee that Microsoft’s cloud services are powering the Department of Defense’s JEDI project. Smith brought the Center for a New American Security’s report to the committee’s attention, which stated that the Pentagon lacked a robust digital infrastructure to support modern warfighting and that building this infrastructure will require additional investments in cloud computing, data labeling and storage. “This [cloud] is reshaping military technology in the same way it is impacting every other field. DoD has embraced these trends through projects like the Joint Enterprise Defense Initiative (“JEDI”),” he added.
While Microsoft highlighted how on-premise systems were compromised by the hackers, top execs from companies like IBM and Dell were not convinced. For instance, Red Hat’s CEO Paul Cormier is of the opinion that “If any software could get broken into. The cloud providers could get broken into as well.”
Cloud Or Bust?
According to reports, hackers used Amazon’s cloud-computing data centers to launch a key part of the attack, but Amazon remained unscathed. Though SolarWinds helps make a strong case for all the cloud vendors, ‘team on-premise’ members like Dell, which makes dedicated workstations, were not pleased with Microsoft’s statements, which allegedly downplayed the benefits of on-premise. Though Microsoft has historically benefited from on-premise services, the success of Azure pivoted the company away from on-premise. It is understandable why Microsoft wants everyone to migrate to the cloud. But cloud services are not all sunshine and rainbows. Organisations would like their data to stay with them. A few companies have even reported on-premise to be more effective. For example, a couple of years ago, Dropbox revealed that it saved $74.6 million in operating costs over two years by moving from public cloud storage to its own lower-cost, custom-built infrastructure.
Meanwhile, Sanjeev Sharma, founder of the self-driving tech company Swaayatt Robots, said the cloud cannot be used because of confidentiality issues. At Swaayatt Robots, the team has collected over 1.5 million images to train their models. According to Sanjeev, it takes around 14 days to actually train this network. The team has developed deep energy maps for contextual segmentation of the surroundings of the self-driving vehicles for better perception. “So now, the moment you put your network in a cloud, your loss function is up there too. And that’s very confidential for us. I mean, that’s our entire USP,” he explained.
The cloud has its own issues, which hybrid cloud services try to address. Today, almost every top cloud vendor offers hybrid cloud. In 2020 alone, the cloud market hit $120 billion, of which the top five providers control 80%. These top players also happen to be part of Big Tech, which controls most of the internet. Regardless of the cloud’s pitfalls, the technology will be pushed, embraced and improved. Organisations will have to bear the brunt of fatigue caused by resource abundance. They have to be diligent in choosing the right service for their workloads, as the “compute vs cost vs security” trade-off will remain an infinite game.