Security issues are accelerating the move to cloud
The recent destructive attack against Rackspace's managed Exchange servers revealed how vulnerable applications are when provided under the old model, where the software manufacturer is separate from the service provider. Although it might be seen as a SaaS offering, Rackspace was effectively managing third-party software already available as a service (i.e. Microsoft 365).
In this case, the outage (now preventing customers from accessing email for weeks) is caused by a persistent threat actor infiltrating Rackspace's Exchange systems and launching ransomware. Notably, the attack could have slipped in via the actively exploited ProxyNotShell Exchange vulnerability: researchers have noted that several of Rackspace's servers were vulnerable prior to the attack.
Furthermore, it took more than 2 months for Microsoft, in the role of software manufacturer, to finally fix this vulnerability (just last week), leaving administrators to manually implement mitigations. Meanwhile, Microsoft as a service provider fixed the issue immediately for its SaaS customers, probably even before the vulnerability was publicly disclosed back in September. No wonder Rackspace is now advising customers to move to Microsoft Exchange Plan 1 SaaS, for free (i.e. paid by Rackspace).
The consensus is increasingly clear: the new threat landscape makes it ever harder to run applications on-premises or separately from the software manufacturer.
The Cybersecurity & Infrastructure Security Agency (CISA) is now pretty straightforward in its recently published guidance for small businesses: "One major improvement you can make is to eliminate all services that are hosted in your offices," they say. CISA correctly identifies on-premises systems as those requiring the most time to patch, monitor, and respond to potential security events. "Few small businesses have the time and expertise to keep them secure".
Now it seems even large organizations such as Rackspace are having the same difficulties. Whenever there is a SaaS alternative, businesses should choose it.