Microsoft Hacked- Are we safe?

Posted in: Microsoft 25/03/22

In a week where Azure services were particularly targeted by Mal-Actors and Microsoft admitted that the source code for its search engine Bing had been compromised in a breach, its important to reflect on why Cloud Services remain the best option for securing your organizations mail and data.
An Enviable Position
Microsoft services get a big let off when it comes to third party security audits across the board. Even the Financial Conduct Authority, who were incredible woolly about the prospect on Financial Institutions putting data out to the cloud approved this in 2015 in their guidance. The basis for this is that Microsoft’s Cloud offering is based on “Enterprise Level” security. Within the Microsoft Compliance Centre your compliance manager will find all manner of pleasing reports covering everything from Privacy to IS027001.
However, it would be wrong to assume that sliding your infrastructure across to the cloud absolves you of all risk. The Cloud breaks down into 3 fundamental offerings
1. Infrastructure as a Service – replacing your server and Operating system
2. Platform as a Service – Replacing your operating system and base software
3. Software as a service – Hiring your applications by the month
In example 1. You remain responsible for security, administration etc.
In example 2 and 3 you still have a shared responsibility for the security of your data and need to understand this.
In hybrid mode the security elements are quite complicated and need specialist attention.

Is your data in SharePoint and Teams secure?
Yes it is. If you follow the recommended settings and use multi-factor authentication, almost certainly more safe than on most SME’s own infrastructure. Microsoft have really heaped on multiple layers of additional security features to boost confidence too such as tagging for critical data, Data Loss Prevention and Conditional Access. These are great features. However if you are not managing your Microsoft tenant then it is highly unlikely you are getting the best from these features.

Data security is a game played where you don’t know all the rules and you don’t have all the pieces. All you can do is stay vigilant and try to keep up with the changes evolving within the hacker groups. Certain technologies give you a leg up.
With the advent of Hacking as a Service and Ransomware as a Service on the Dark Web our jobs are not getting any easier!
For professional help with your move to the cloud or information security management please book a consultation.

Can we help?

Book a no obligation phone consultation with one of our management team to discuss your IT support requirements.


Related news


Last Call! 130% Tax Break on New IT kit.

For business, these have been a challenging couple of years and we now have 25% Corporation Tax to look forward to. However, there is a tax concession

Read more

Microsoft Super Patch Tuesday

Yesterday Microsoft released 145 patches to resolve vulnerabilities in its software including 10 that are labelled “Critical”. This unfortunately does not include the PrintNightmare zero-day vulnerability that

Read more
Start a conversation

Book a no obligation phone consultation with one of our management team to discuss your IT support requirements.