Stolen Master Key

Microsoft is not living up to its key role as a hyperscaler, says Holger Dyroff of ownCloud.

Stolen master keys, lack of transparency and questionable technological solutions: The scandal surrounding the latest security vulnerability at Microsoft is not going away. A prime example of why the big players on the market have long had a problem when it comes to data protection and digital sovereignty.

Debacle for serious software providers

The loss of a master key with which unauthorised persons can issue themselves functioning access tokens is in itself a debacle for any serious software provider. However, in the case of Microsoft, after the initial shock, further questions arise: Why does the company continue to remain silent about the extent and possible consequences? Why does Microsoft rely on a technology based on a master key at all? And why do third parties succeed in stealing it?

To begin with: the existence of master keys is neither a questionable business practice, nor is it a failure on the part of the provider. It is rather a necessity of the business model, in which Microsoft both hosts the cloud services and monitors the respective access to them. And even if the providers cannot be accused of malicious intent, it is ultimately the users who suffer the consequences of the theft.

More transparency, more decentralisation

The example shows why the centralised orientation of hyperscalers poses a considerable security risk and how the dependence on large companies like Microsoft affects it – because all customers depend on the communication and transparency of the providers to whom they have entrusted their data.

But what if companies simply remain silent about such and similar incidents? And how many other, comparable risks and problems are kept quiet in this way? In the end, the public usually only learns about it when a security-critical incident becomes public. A fatal mistake in dealing with all our data. The answer must therefore be: More communication, more transparency, more decentralisation and more open source culture. Then our digital sovereignty will also work.

Holger Dyroff is co-founder and COO of ownCloud.