This week’s order mandating US government departments to implement secure encryption in cloud applications, starting with Microsoft 365 (M365), is a reminder to all CISOs that cloud platforms, even from large providers, are not completely secure out of the box.
“Cloud products are easy to manage, easy to use,” said Ed Dubrovsky, chief executive officer and managing partner of Cypfer, a global cyber incident response firm.
“The challenge with that is that the M365 platform is not really secure. We in the security service have been shouting for years [at Microsoft]’Why don’t you say MFA [multifactor authentication] should it be enabled? Why is it an option? That’s not right.’”
Source link