When many of us moved our server and application needs to the cloud, we rejoiced that we no longer had to worry about the drudgery of patching. We didn’t have to monitor servers and their Patch Tuesday deployments; it was all in Microsoft’s hands. But as often occurs with cloud deployments, a solution that means you no longer have to worry about one area can create security issues in others.
Time and again in the handling of any cloud deployment, how we manage identity and authentication needs to be reviewed on a scheduled basis to ensure that the security of cloud assets is being handled according to the latest recommended guidance. In the worst-case scenario, the attackers find out first and don’t inform us to take action. In the best case, researchers find a flaw and work with the vendors to help us all make better security decisions — Orca Security recently pointed out just such a flaw.