Over the last 44 years, Microsoft has become a trusted name in technology. Their logo, a familiar and colorful quartet of squares, is a visual comfort to their enormous user community. Consumers have welcomed the company’s products into their homes and businesses without hesitation. And for the most part, Microsoft has proven itself a trustworthy enterprise. That’s what makes yesterday’s news a bit more surreal than the average data breach headline.
Microsoft issued a statement that described what happened, identified the affected data, presented their actions in response, and reiterated their commitment to their customers’ privacy and security. The Microsoft security team traced the underlying problem to misconfigured security rules applied to a security group in an Elasticsearch database. Essentially, this change led to what could have been a huge problem for the tech giant. Luckily, Microsoft has a stringent security protocol that stripped most of the personal information from the data. The company handled the incident with record speed, ensuring the public that it can react quickly and learn from this experience.
As DivvyCloud CTO and co-founder Chris DeRamus told SiliconAngle, SC Magazine, and Information Security Buzz, misconfigurations have become all too common and have led to recent data leaks at companies such as Rubrik, Voipo, Gearbest, Meditab, and Dow Jones. What’s remarkable about the incident, according to DeRamus, is that in early November, Microsoft announced that it will be honoring the California Consumer Privacy Act throughout the United States. Even more impressive is that Microsoft is the first company to extend the European Union’s General Data Protection Regulation to customers around the world.
Concerned about misconfigurations? Install DivvyCloud with a free 30-day trial or speak with a DivvyCloud expert today!