Kaseya incident

We're all so confident in putting all of our data in the hands of trusted companies. Many just do it because it's there, it's cheap, the suppliers are trustworthy: just put everything in the cloud. It should be safe because most of the world is using it and the company is from the USA.
Well, "That's not entirely accurate" as someone in "Independence Day" said.

When you run your own data on-premise it implies that you are THE ONE responsible for the security, how it works, when the patches will roll out, who is responsible, everything. The major advantage is that ransomware attackers need to be more specific if they really want to attack just YOUR company. If they attack your dear ?aaS then they might get access to all of your sensitive data, internal network, everything.
So easy and beautiful: knock off one and you have thousands of victims to harvest bitcoins from. It's like "Ender's Game" (read the book, please) or "Independence Day" (ignore the critics' scores). And when the s..t hits the fan you can't do a thing, you'll probably miss any compensation because you didn't read the small print, and American courts will not give you a penny (but luckily you will probably be the main actor in the newspaper headlines). There is no such thing as bad publicity.

I get angry because Kaseya explains their current situation like this: "Due to our teams’ fast response, we believe that this has been localized to a very small number of on-premises customers only."...
It means that on-premise customers who get hit should blame themselves because they didn't use the cloud for everything. So stupid if you accept this explanation, because "on-premise" gets infected by their own cloud services. They pulled the plug as soon as they realized what happened; on-premise customers got their notification of the intrusion too little too late... Did I hear someone mention the SolarWinds supply chain attack?

I never liked cloud/outsourcing because it feels artificially produced just to make more money. I do not trust external suppliers fully and I really don't know their routines, who might have insight into our data and so on. I only know that they won procurement by glorious PowerPoint presentations, top-ranked web hits and an affordable price tag. You put all of your sensitive data into the hands of a company that could be the next victim of a security breach. It could be Russians, Americans, Chinese, Iranians, Klingons or anyone who might use all of their muscles to penetrate your data if they really want or need to. Even Microsoft Office 365 feels uncomfortable at this moment. Just imagine if Microsoft is the next victim...

I can't help but think that all of those guys/girls who are capable of penetrating "impenetrable" shields should work with something else, like searching for a cure for cancer instead of hacking?

In Sweden there is an authority called MSB (The Swedish Civil Contingencies Agency) that warns about this kind of development: a country's entire infrastructure could be endangered by a ransomware attack. We might not be able to buy a beer, bread or gasoline if an attack's sole purpose is to take down all of the country's money transactions.

If you use a Linux-based topology then you're probably safe.

Be wise in these times, all of you wise executives; don't get hung up on the fancy commercials and ads about IaaS, CaaS, PaaS, FaaS, SaaS or whatever .aaS.
It feels more like we need to go back to good old-fashioned on-premise gardening and do all the hard work ourselves.


Independence Day - uploading virus



