Stefan Tilkov · Mar 13, 2021 · 9:53 PM UTC

Stefan Tilkov

Stefan Tilkov @stilkov

13 Mar 2021

Maybe one of the best ways for businesses to not run into security trouble with essential infrastructure is to not use Microsoft products, for the simple reason they’re the most attractive target. True or false?

@phaus@ruhr.social📯 · Mar 14, 2021 · 8:50 AM UTC

@phaus@ruhr.social📯 @phaus

14 Mar 2021

I think if one is using successful public SaaS, the attack surface is always big. One mitigation of the exchange issue, is the use of encrypted emails + good and tested backup/restore plans. And perform updates ASAP. As always: expect failures and be prepared to handle them.

Stefan Tilkov · Mar 14, 2021 · 9:56 AM UTC

Stefan Tilkov · Mar 14, 2021 · 9:56 AM UTC

Stefan Tilkov @stilkov

14 Mar 2021

Replying to @phaus

True. I was actually not thinking about SaaS offerings, though

Mar 14, 2021 · 9:56 AM UTC

@phaus@ruhr.social📯 · Mar 14, 2021 · 10:21 AM UTC

@phaus@ruhr.social📯 @phaus

14 Mar 2021

Replying to @stilkov

Okay… let me correct myself XaaS, IMHO this is valid for infrastructure, platform, software as a Service. You have to trust your service provider in doing their job right. Microsoft is collecting a ton of telemetry from every Software Deployment. Why didn't they warn beforehand?