Stolen master key: ownCloud: Microsoft fails to live up to its key role as hyperscaler

August 3, 2023

Holger Dyroff, Co-Founder and COO of ownCloud (Source: ownCloud)

Stolen master keys, lack of transparency and questionable technological solutions: The scandal surrounding the latest security breach at Microsoft is not abating. For Holger Dyroff, co-founder and COO of ownCloud, this is a prime example of why the big players on the market have long had a problem when it comes to data protection and digital sovereignty.

The loss of a master key, with which unauthorised persons can issue themselves functioning access tokens, is in itself a debacle for any serious software provider. But in the case of Microsoft, after the initial shock, more questions arise: Why does the company continue to remain silent about the extent and possible consequences? Why does Microsoft rely on a technology based on a master key at all? And why do third parties succeed in stealing it? To begin with: the existence of master keys is neither a questionable business practice, nor is it a failure on the part of the provider. Rather, it is a necessity of the business model, where Microsoft both hosts the cloud services and monitors the respective access to them. And even if the providers cannot be accused of malicious intent, it is ultimately the users who suffer the consequences of the theft.

This example shows why the centralised orientation of hyperscalers poses a considerable security risk and how the dependence on large companies like Microsoft has an impact – because all customers depend on the communication and transparency of the providers to whom they have entrusted their data. But what if companies simply remain silent about such and similar incidents? And how many other, comparable risks and problems are concealed in this way? In the end, the public usually only learns about it when a security-critical incident becomes public. A fatal mistake in dealing with all our data. The answer must therefore be: More communication, more transparency, more decentralisation and more open source culture. Then our digital sovereignty will also work.
