by TheNewsIsHere 598 days ago
And it opens you up to potential exposure due to mistakes at the cloud provider.

About two years ago we got an email from AWS associated with a PHD notice. It “apologized” for an issue whereby the EC2 Security Groups in a single AZ were in place but not operative. All traffic was permitted for several hours, irrespective of the SG config.

We deploy and align host-based firewalls alongside whatever the cloud provider gives us, for exactly this reason.

Somewhere along the line “the cloud” seems to have gotten a reputation for some level of infallibility of which I’m not convinced.

See also the recent problem where Entra logs weren’t captured for some tenants, and are just gone.
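The comment above argues for a host-based firewall that mirrors the cloud Security Group, so that the host rules still enforce the intended policy if the provider-side control silently stops working. The following is an added example (not from the commenter or from AWS) of a drift check between the two layers: it reads a Security Group in the shape returned by `aws ec2 describe-security-groups` (`IpPermissions` with `IpProtocol`, `FromPort`, `ToPort`, `IpRanges`) and a host allowlist in an assumed, simplified `proto from-to cidr` line format, then reports host rules the SG does not cover (the host would be more permissive than intended if the SG failed open) and SG rules the host does not carry (traffic the SG permits but the host would drop). Both rule sets below are constructed sample data; the group id is a placeholder.

```python
"""Drift check between an EC2 Security Group and a host-based firewall allowlist.

Added example, not code from the original comment. The SG dict follows the
describe-security-groups JSON shape; the host allowlist line format is an
assumption made for this example, and all sample data is constructed.
"""
import ipaddress
from typing import List, NamedTuple, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]
ANY_PORTS = (0, 65535)


class Rule(NamedTuple):
    proto: str          # "tcp", "udp", "icmp" or "any"
    from_port: int
    to_port: int
    cidr: Network


# Constructed sample: what the cloud side says is allowed inbound.
SAMPLE_SG = {
    "GroupId": "sg-PLACEHOLDER",  # placeholder, not a real group id
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        # "-1" means all protocols; FromPort/ToPort are absent in that case.
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.1.0.0/16"}]},
    ],
}

# Constructed sample host allowlist in the assumed "proto from-to cidr" format.
HOST_ALLOWLIST = """
# proto from-to cidr
tcp 22-22 10.0.0.0/8
tcp 443-443 0.0.0.0/0
tcp 8080-8080 0.0.0.0/0
"""


def sg_to_rules(sg: dict) -> List[Rule]:
    """Flatten an SG's IpPermissions into one Rule per (permission, CIDR)."""
    rules = []
    for perm in sg["IpPermissions"]:
        proto = perm["IpProtocol"]
        if proto == "-1":
            proto, (lo, hi) = "any", ANY_PORTS
        else:
            # For icmp, AWS uses FromPort/ToPort as type/code; treated as ports here.
            lo = perm.get("FromPort", ANY_PORTS[0])
            hi = perm.get("ToPort", ANY_PORTS[1])
        for rng in perm.get("IpRanges", []):
            rules.append(Rule(proto, lo, hi, ipaddress.ip_network(rng["CidrIp"])))
    return rules


def parse_host_allowlist(text: str) -> List[Rule]:
    """Parse the assumed host allowlist format; '#' starts a comment."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        proto, ports, cidr = line.split()
        lo, hi = (int(p) for p in ports.split("-"))
        rules.append(Rule(proto, lo, hi, ipaddress.ip_network(cidr)))
    return rules


def covers(outer: Rule, inner: Rule) -> bool:
    """True if everything `inner` permits is also permitted by `outer`."""
    if outer.cidr.version != inner.cidr.version:
        return False
    proto_ok = outer.proto == "any" or outer.proto == inner.proto
    ports_ok = outer.from_port <= inner.from_port and inner.to_port <= outer.to_port
    return proto_ok and ports_ok and inner.cidr.subnet_of(outer.cidr)


def drift(sg_rules: List[Rule], host_rules: List[Rule]) -> Tuple[List[Rule], List[Rule]]:
    """Return (host rules no single SG rule covers, SG rules no single host rule covers).

    Coverage is checked against individual rules, not unions of rules, so the
    check is conservative: it may flag a rule that a combination would cover.
    """
    extra_on_host = [h for h in host_rules if not any(covers(s, h) for s in sg_rules)]
    missing_on_host = [s for s in sg_rules if not any(covers(h, s) for h in host_rules)]
    return extra_on_host, missing_on_host


def report(sg: dict, allowlist: str) -> Tuple[List[Rule], List[Rule]]:
    extra, missing = drift(sg_to_rules(sg), parse_host_allowlist(allowlist))
    for r in extra:
        print(f"HOST MORE PERMISSIVE THAN SG: {r.proto} {r.from_port}-{r.to_port} {r.cidr}")
    for r in missing:
        print(f"SG RULE NOT MIRRORED ON HOST: {r.proto} {r.from_port}-{r.to_port} {r.cidr}")
    return extra, missing


if __name__ == "__main__":
    report(SAMPLE_SG, HOST_ALLOWLIST)
```

Run it against real data by replacing the sample dict with the output of `aws ec2 describe-security-groups --group-ids <id>` and the allowlist with whatever your host firewall exports; the first category of finding is the one that matters for the failure mode described in the comment, since those are the ports the host would leave reachable on its own.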