The cyber attack that is endangering many U.S. government and corporate networks is leading to a debate among major technology companies about what is the safest way for customers to store critical data.
This pits Microsoft Corp., which urges customers to rely on cloud computing systems, against others, including Dell Technologies Inc. and International Business Machines. Corp.
IBM -2.89%
, which claims that customers want to mix the cloud with the more traditional data storage space in a structure called hybrid cloud.
For about two months, government and industry cyber security experts have been trying to unravel the details of the incident, which is causing a reassessment of long-standing assumptions about network security. According to the investigators, the hackers gained access via the network company SolarWinds Corp. and other attacks.
In a House committee that spoke on Friday about the hack, Microsoft President Brad Smith said in prepared remarks: “cloud migration is critical to improving security maturity in many organizations.” All of the attacks the company has identified have involved systems involved, he said earlier.
The debate is part of the aftermath of the alleged Russia-led hack that Senate Mark Warner (D., Va.), Chairman of the Senate Intelligence Committee, said Tuesday could be in scope and scope “beyond anything we as’. a nation. ”
Microsoft, one of the largest cloud providers in the world, said cloud services offer customers the strongest data protection. A ‘mixed approach’ creates an additional seam that organizations need to secure. A consequence of this decision is that if the local environment is endangered, it will create opportunities for attackers to target cloud services, ‘Microsoft said in a blog post about the investigation into the hack.
The idea that the hybrid cloud is less secure is inaccurate, said Red Hat CEO Paul Cormier. The company acquired IBM two years ago, in part in a bet on the growing demand for hybrid cloud services. ‘Any software can be hacked. It is also possible to break into the cloud providers, ”he said.
Companies have traditionally invested in large servers to store much of the data on their products and customers. That changed about a decade ago, with the rise of cloud computing. Amazon.com Inc.
AMZN 1.17%
and Microsoft has made the business model popular, where they pay for hardware and software remotely while paying, eliminating the need for businesses to buy and maintain expensive equipment. The cloud business was a major revenue driver for both.
There is no indication that Amazon’s systems were directly hacked, but hackers used its extensive cloud computing data centers to launch a significant part of the attack, security investigators said. Senators have expressed irritation that Amazon did not participate in a Senate hearing over the hood. Amazon said it was “not affected by the SolarWinds issue” and law enforcement shared what it knew and informed government officials and lawmakers.
‘
‘Any software can be hacked. There can also be break-ins at the cloud providers. ‘
”
One of the biggest security issues surrounding cloud computing is the fear that compromising a service provider could lead to a wide range of customers accessing their data, cybersecurity said.
The expectation of customers to move all their data to the cloud is impractical, said Mr. Cormier of Red Hat said. Many companies, especially in the financial industry, have to store information on site for security or regulatory reasons.
By keeping many customers safe, data is seen as more secure, said Keith White, a former Microsoft CEO and senior vice president of hybrid cloud services at Hewlett Packard Enterprise. Co.
HPE 0.48%
HPE did not expose any of its customers to the SolarWinds attacks, he said in an interview.
“One of the main reasons to keep business on the premises is because the customer wants to know where their data is,” he said. White said.
The call for questions about hybrid cloud security “serves the broader Microsoft story,” Deepak Patil, senior vice president of Dell Technologies’ cloud business and former Microsoft cloud manager, told the Journal. “But the reality is: look at a majority of the customers, their workload is currently being offered.” Dell sells hardware and software to manage hybrid cloud systems.
Microsoft said in a statement: “We offer security options for deployment in both cloud and on-premises”, but added that the protection built into the cloud requires more effort to provide on-site servers.
In remarks for the Friday congressional hearing, Mr. Smith of Microsoft said that “when Microsoft’s cloud services are attacked, we can detect deviations and indicators of compromise in ways that are not possible in a local environment.” The company also could not hunt down Russian hackers in local networks, he said.
Senate Intelligence Committee Chairman Mark Warner said the alleged hack could be led by Russia in scope and scope “beyond what we as a nation have faced.”
Photo:
Pool / Getty Images
The attack on SolarWinds has affected at least nine federal agencies and 100 private companies and dates back to at least September 2019. U.S. authorities say the intruders are likely Russian intelligence agents. Moscow has denied responsibility.
Microsoft itself was a victim of the attack and used some of the source code to write software. The hackers looked at software linked to Microsoft’s Azure cloud, the company said. Mr. During the Senate hearing on Tuesday, Smith asked about the hack to conduct a full investigation into what other cloud services and networks the Russians had access to. ‘
Historically, Microsoft has had a large local enterprise with its Windows operating system that manages servers. But under CEO Satya Nadella, the software powerhouse has been aggressively driving its customers to its cloud products. It still offers products that facilitate customers by using their data centers.
–Sign up for our weekly newsletter for more WSJ technology analysis, reviews, advice and headlines.
—Robert McMillan contributed to this article.
Write to Aaron Tilley by [email protected]
Copyright © 2020 Dow Jones & Company, Inc. All rights reserved. 87990cbe856818d5eddac44c7b1cdeb8