[nucleardog]

I agree you shouldn't write off any platform/software/etc based solely on the number of vulnerabilities. I also agree that how responsive they are to fixing things is a factor to consider. But I think that's only _a_ factor.

Take something like a container escape vulnerability.

We could have Vendor A where they're just running containerd on a bunch of hosts on a single network segment and throwing everyone's containers at it so a container escape vulnerability essentially gets you access to everything any of their customers are running.

Where-as Vendor B segments running containers into VMs, so a container escape vulnerability means you can only access your own data. Not great because if one container is compromised that gives them a path into the rest of your workloads, but at least I know they're maintaining a pretty solid wall between tenants.

Then there's Vendor C that actually runs containers using some micro-VM framework so each container is running fully isolated by a hypervisor with a fully separate emulated network stack, etc so the escape really gets them no more access than they had inside the container.

A pattern of issues like Vendor A is, well, a pattern. A series of issues that show their systems are fundamentally not designed for proper isolation between tenants and are lacking defense-in-depth measures to mitigate the fallout of the inevitable security issues is a very good reason to write off Vendor A regardless of how quickly they respond to the issues.

I'm not going to go back and review all the Azure issues, but my recollection from the few writeups I've read definitely paint a picture of a lot more "Vendor A" type issues than I'd be comfortable with.

[jiggawatts]

All of this presupposes that whatever you implement yourself will be more secure and/or that you have the budget to even begin to approach the same level of security.

I’ve been there, done that, and was amazed how the security aspects only rapidly escalated to many millions of dollars and an ongoing cost also in the million or two range!

Think of this like a CEO: they’re less worried about Chinese hackers and more worried about about insider attacks. They’re much more common and do way more financial damage.

The cloud automatically provides separation of roles because an entirely different vendor is in charge of the lower layers, such as networking and storage.

Do you have any idea how hard it is to prevent a smart sysadmin from simply copying all data to a USB drive and walking out of the building with it?

That’s much harder when everything is on a managed hosting platform and no single person can access all accounts / subscriptions.

[jorams]

> All of this presupposes that whatever you implement yourself will be more secure

No, this thread is about Azure in particular having a bad security posture, not the cloud in general.

[jiggawatts]

True, but on-prem is unlikely to be better than even Azure, especially if you use “simple” services such as VMs and the like.