Microsoft Cloud Data Breach Heralds Things to Come

There was an accidental data leak in a Microsoft's cloud services and we can expect more in the future

Microsoft announced that data contained within its Business Productivity Online Suite (BPOS) has been downloaded by non-authorized users, possibly making it the first major cloud-based data breach.

You'd better get used to this kind of thing because we'll be seeing a lot more of it in the future. All any of us can do is pray we're not a victim.

The knee-jerk reaction might be to blame hackers, but that's not so here. The breach was down to an unspecified "configuration issue" in Microsoft's data centers in the United States, Europe and Asia. The Offline Address Book component of BPOS, which contains business contact information, was made available to non-authorized users in "very specific circumstances," according to Clint Patterson, the poor guy at Microsoft who's having to apologize for the mistake.

The problem was fixed two hours after being discovered (how long was it open before that?), and to Microsoft's credit it has tracking facilities in place that allow it to clean up the mess by contacting those who downloaded the wrong data.

However, the whole affair will feel like a stomach punch for anybody considering cloud adoption in the coming year--especially those considering Office 365, Microsoft's major cloud offering that ties into its Office suite. As far as I can see, there are three basic threats that could lead to data leakage when it comes to cloud computing offerings from any vendor:

1. Misconfiguration of cloud service software, or bugs within the software; 2. Hackers stealing data, for fun or profit; 3. Employees being careless with data.

The third issue is nothing new, and employees with access to any sensitive data have always had the opportunity to pass it accidentally on to the wrong people. Think about all those e-mail disasters where the wrong attachment was sent, or where e-mails were accidentally forwarded to the wrong parties. Mix humans and computers together, and there will always be issues.

However, cloud computing presents unique opportunities to mess up royally. Many cloud services make it very easy to share data with either individuals or the entire Internet. This is part of the reason cloud services exist; they allow collaborative working. You can guess what might happen. It's late at night and a tired employee intends to share "Invite to Xmas party" with the world, but accidentally clicks the share button on the "Quarterly accounts 2010" document. What procedures are in place to monitor these kind of shares? Would it really be the case that the first you heard of it was when one of your clients held back the giggles and politely informed you?

Misconfiguratons and bugs are perhaps a minor concern because, hopefully, cloud software goes through massive testing before it's unleashed. And software companies never, ever make release buggy releases. Right?

Let's move quickly on.

The threat from hackers is undoubtedly the biggest concern. Hackers are the most intelligent and devious people on the planet. Nothing will stop them. Even hackers who aren't that intelligent or devious can cause a lot of trouble.

Having your data on your own servers, on your own premises, presented a physical barrier to hackers. Some hackers overcame even this, of course (Just Google the social engineering exploits of Kevin Mitnick), but mostly the situation was safe by design.

Encryption isn't the final word. Even encrypted data has a history of being compromised, usually due to bugs in the encryption software.

All of this means that, if your business is going to put data into the cloud, you will have to factor in the very real possibility it will be made public at some point. It will happen. It's just a matter of when, and what damage will be caused. It would be interesting to visit the offices of Microsoft, Google, and others to see if they eat their own dog food: Does Google rely on Google Docs for all of its hypersensitive business data? Somehow I suspect not, although I look forward to being proved wrong. There are laws in place covering data breaches, requiring companies to enforce reasonable security systems, but none of that amounts to a hill of beans once the data has escaped the cloud. And should stolen data be turned into a bit torrent, as appears to be the fashion at the moment, there's absolutely no chance of discreetly cleaning up by getting the data back from those who stole it.

So many issues hang over cloud take-up that it's hard to believe that some are referring to 2011 as the year cloud computing becomes mainstream.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags MicrosoftMicrosoft Business Productivity Online Suite (BPOS)

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Keir Thomas

PC World (US online)
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?