stealth software | it's time to be BOLD !
It is time to be bold..... and move sensitive, valuable and compliance data back on-premises but at the same time take advantage of cloud storage platforms...
If data is moved to the cloud or internet, it is no longer safe from hackers and breaches. Government agencies and companies are using security gateways TLS 1.2 and 1.3 to protect data in transit, but cloud access and supply chains are being used as vectors of attacks for O365 and Azure. Breaches and attacks were reported by FireEye on December 8, 2020 and by Malwarebytes (Solarwinds) on January 19, 2021. At the end of 2020 a cloud supply chain was used for the exploitation of Office 365 and Azure in a massive hack of U.S. government agencies and countless private companies.
FireEye's Mr. Mandia described the attacker as a "highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack." https://www.zdnet.com/article/fireeye-one-of-the-worlds-largest-security-firms-discloses-security-breach/
Malwarebytes’ Mr. Kieczynski reported on January 19, 2021, that their internal systems showed no evidence of unauthorized access or compromise in any on-premises and production environment. https://www.zdnet.com/article/malwarebytes-said-it-was-hacked-by-the-same-group-who-breached-solarwinds/
He further stated that the attacker was believed to have abused applications with privileged access to Microsoft Office 365 and the Azure cloud computing environment. A flaw in Azure Active Directory in 2019 allows attackers to abuse third party applications to get access to tenants.
The hack and breach at Malwarebytes followed a previous massive government hack that was reported on December 17, 2020 in which a cloud supply chain was used for the exploitation of Office 365 and Azure . Matt Hines reported that “The central issue behind the latest headline-grabbing security breach – an incident that directly impacted several major US government agencies – highlights pervasive issues related to many organizations’ use of the popular Office 365 and Azure Microsoft cloud platforms.”
Only now is Microsoft retiring and disabling TLS 1.0 and 1.1 and moving all their online serivces in Microsoft 365 to Transport Layer Security (TLS) 1.2+, "to provide the best in class encryption and ensure our services are more secure by default" (MC240160 - February 17, 2021).
We believe returning to file level, data centric, on premises, in flight and at rest security is a way for government agencies and private companies to protect their sensitive and valuable information and still benefit from the use of cloud storage platforms such as Azure, Amazon Web Services, Wasabi or any other private or public cloud offering. No more man in the middle attacks, customer control of the AES256 encryption keys in flight and at rest once the data is stored on premises or in the cloud. On premises key stores that can be deployed or storing encryption keys in SQL with added Transparent Data Encryption (TDE).
Even if bad actors get encryption keys of a file (since they would have to hack every file individually) they still do not have access to the data. A unique identifier is generated as the data is stored on the storage platform of choice. The unique identifier of the file is stored in SQL and needs to be reunited with that specific file (Binary Large Object or BloB) stored on the storage platform.
The same technology can be applied to Global Cloud File Systems (replacing NAS file systems) and Cloud Security Platforms.