The Internet Service Provider (ISP) where The Venture Company website is hosted was hacked today, along with many other corporate websites the ISP hosts. Our index files representing our main website pages were defaced and replaced with the web page above, and access to our content was significantly restricted.
Apart from the public embarrassment and the inconvenience of having to fix it, the event made me think about the implications of offloading and trusting more pertinent data to the cloud:
- Most ISPs have no disaster recovery plan in place to deal with security breaches. They simply lack the instant resources to help every customer regain access to their data quickly. Our ISP blocked administration access to the websites to deter further vulnerabilities, which kept our website in an unstable state for more than six hours.
- Most ISPs have backup mechanisms, but lack the knowledge (and resources) to reload and restore a consistent state specific to each client. As a result, clients should always rely on their own local data store to restore quickly and with the most recent and consistent state. We made a conscious decision years back not to host our blogs in the cloud but to use desktop software (that we can back up ourselves), for exactly those reasons. We could not imagine waiting in line with hundreds of other distraught customers to retrieve a unique consistent state of information from the last generic backup.
- Security vulnerabilities remain rampant, and the technologies provided to fix them are highly fragmented and far from waterproof. Physical, perimeter, virus, logical and application security technologies desperately keep trailing the latest tricks deployed by hackers, with concentrated cloud attacks providing a larger destructive impact than the simple defacement of a few web pages. The fragmented technology security industry is poorly aligned with the encompassing security needs of the emerging cloud.
- Few companies have a well-defined security strategy, and there is little transparency into the breadth of their security capabilities. Even fewer ISPs have addressed logical application vulnerabilities, which is equal to securing the front door of your house while leaving the windows open. And the number of applications, protocols and services that will exhibit vulnerabilities will increase dramatically.
There are great advantages to entrusting your data to the cloud (for one, a single point of truth), but with many underfunded (or “capital efficient”) companies struggling to escape commoditization and making wonderful promises, the chance of someone else gaining access to or destroying years of valuable work is extremely high.
So before you entrust your data and applications to the cloud, ensure you have the backups to switch at a moment's notice and stay in control of your own mission-critical processes and information. We did, and in less than 5 minutes after a six-hour irritating wait for the ISP, we were back online.