Configuration makes things insecure
Software giant Microsoft, which is trying to prove to the world that its cloud based architecture is secure, was red faced this week after a poor configuration left clients' details exposed.
Punters of Microsoft's Business Productivity Online Suite, which is a cloud-based version of including Exchange, SharePoint, LiveMeeting, and Office Communicator, had certain data leaked after a configuration error left their contact information exposed. Offline Address Books, which is an Exchange feature that allows Outlook users to download a copy of all the e-mail addresses and mailing list aliases that an organization uses, were exposed to all and sundry.
Microsoft says that it fixed the configuration problem within two hours of discovering the problem, and that only a small number of illegitimate downloads occurred. But it is not clear when the faulty configuration was pushed to its servers, so it's not known how long the problem has existed.
It was not a major security flaw. No e-mails or documents were disclosed, nor were any personal contacts. But it is a flag against cloud based computing particularly as Redmond tries to position the next version of BPOS, named Office 365, as a complete package to compete with the likes of Google Apps.