The Cloud is a Security Force-Multiplier

Lessons from the Recent Microsoft Exchange Hack

Rick Tracy
Rick Tracy
March 16, 2021 • 3 min read

In 2011, Telos CEO John Wood and I wrote an article that explained why we thought the cloud would be more secure than on-premises-based systems for small and mid-sized organizations.

At the time, the cloud was new and there were many cloud detractors, largely due to security concerns. Needless to say, our perspective about the benefits of the cloud did not resonate in 2011.

Since then, the CIA’s adoption of commercial cloud services was the shot heard around the world as it pertains to cloud computing. The CIA’s adoption of the cloud sent a strong signal that the cloud can indeed be secure enough, even for the most security-conscious organizations.

Further, the recent pandemic has forced acceleration of digital transformation and cloud adoption. The concerns about cloud security circa 2012 are dissipating. The cloud is being viewed as a strategic business enabler as cloud services allowed many organizations to continue operations and support a remote workforce.

However, many organizations still choose to manage critical IT services, like email, on premises. Is it cultural preference for on-premises data centers? Continued lack of trust in cloud security?  Whatever the case, the recent Microsoft Exchange breach suggests that moving critical services, like email, to the cloud might actually be more secure. 

Thousands of organizations have been impacted by this recent hack. The Washington Post reports that there are “60,000 known victims globally, according to a former senior U.S. official with knowledge of the investigation. Many of them appear to be small or medium-sized businesses caught in a wide net.”

It’s important to note that Microsoft’s own vulnerability alert says that its cloud-based email system was not affected by this most recent hack. This stands to reason, as hosted systems are actively managed by the provider. Users benefit from a SaaS vendor’s expertise and economies of scale. It’s not necessary for customer organizations to have dedicated staff to maintain these systems, apply emergency patches, understand zero-day vulnerabilities, and assess for evidence of compromise.  By leveraging cloud services, you are leaving these very important tasks to the experts.

“Microsoft reported that tis cloud-based email system is not affected.”

IT systems have grown more complex. Also, hostile cyber-attacks are becoming increasingly prevalent and sophisticated. This, coupled with the skills shortage and cost of cybersecurity expertise, means that many organizations don’t have the wherewithal to effectively manage security on their own. 

As a risk management concern, it is time for business leaders and boards of directors to force the issue of cloud adoption for certain complex and critical IT systems.

Rick Tracy
Rick Tracy
Former Senior VP and Chief Security Officer
Rick Tracy is the former senior vice president and chief security officer at Telos Corporation.
Read full bio