We’re only a few months into the year and it already looks like breach fatigue has taken hold. The latest breach to hit the headlines is the Microsoft Exchange hack and the potential exposure of more than 60,000 organizations, a figure that keeps climbing as the investigation marches on.
The Microsoft attack is interesting not only in its massive scale, but also because it resurfaces old discussions about on-prem versus cloud security, and where modern solutions such as Google Workspace can help businesses avoid becoming a breach statistic. With the innovative features available in today’s cloud technologies, it’s time to rethink the use of on-prem for critical workloads and applications.
The recent Solar Winds incident spanned large numbers of victims due to the platform’s sprawling footprint. In this case, the scope of the Exchange breach has grown as the result of automation and exploitation by multiple advanced persistent threat (APT) groups targeting unpatched servers. Even with a clear threat looming, many enterprises were still slow to act and 10 days after patches became available Microsoft said about 20% of online-facing servers remained unpatched and vulnerable. Those businesses are now left with remediation—expensive, time consuming and disruptive—as their only option.
The argument for maintaining on-prem assets has been going on for years and largely centers on enterprises’ desire to control their environments. When given the option to relinquish hands-on mastery over access to and administration of the company’s servers in favor of a migration to the cloud, some organizations said, “No thanks,” opting instead to keep their assets where they could see, touch and control them.