
No Company needs MOVEit, Tell me otherwise?!

MOVEit is in the crosshairs again with a second critical vulnerability – meaning it is trivial to compromise.

Vulnerabilities in software don’t seem to be managed well by some; this second critical vulnerability should have been discovered and mitigated during the requisite post-incident activities following MOVEit’s previous issue.

For businesses, this just further proves that you should not be using disparate “tools” provided by third parties to solve problems or support business processes unless absolutely necessary.

MOVEit doesn’t even make sense: many an IT team could provide a better and more secure system for moving files while maintaining ownership of their data. Gosh, I do this at home. Paying for a provider is not removing your risk, as has been proved in this case (twice).

Where it is necessary to use an external vendor, always use federation for authentication and an identity provider that you trust, hopefully the same one you are using as your business IdP. At least this way weak application security is behind a gatekeeper.

https://arstechnica.com/security/2024/06/critical-moveit-vulnerability-puts-huge-swaths-of-the-internet-at-severe-risk

Tell me otherwise here.

One response

  1. […] was reported yesterday, TeamViewer today, different attack paths but both recidivist […]
