Wired Reporter’s Hacked Accounts Should be a Warning to Cloud Customers and Admins
By Jean-Paul Bergeaux
Chief Technology Officer, SwishData
The recent hacking of Wired reporter Mat Honan made many people rethink their personal web security. He explained how the lack of two-factor authentication allowed hackers to social engineer a reset on his passwords and get access to his Amazon, Gmail, Twitter and iCloud accounts, as well as his iPhone and MacBook. They wiped out his entire Gmail history, his iCloud account, and data on his iPhone and MacBook (which he was able to pay $1,700 to recover). Luckily for him, the hackers were interested in pulling a prank rather than stealing his money, or they could probably have accessed his financial accounts and done even more damage.
However, this should be more than just a warning to personal account holders. It should also be a warning to enterprise admins who use cloud services of many types. Make sure your users are taking the highest security measures possible. You and the other admins in your organization should also hold yourselves to that standard. If someone were able to gain access to an admin’s account that had control over an entire enterprise’s cloud infrastructure, imagine the damage they could do! Some cloud offerings have backup and disaster recovery (DR) as part of the contract, but if you’re hacked, how do you know that those policies cover that kind of damage? Or that the hackers won’t follow through to eliminate those copies as well?
It’s a Scary Thought, But It Doesn’t Have To Be
The only way to completely prevent that kind of situation is to have a non-cloud, internal copy of the data either offline or separated electronically from your cloud copy. A hybrid cloud would be more likely to survive a hacking situation. The internal copy or private cloud should be separate and secure.
At SwishData, we generally use public cloud for DR copies of the data and private cloud as the primary production copy. This is not because of security concerns, but because the total cost of ownership of private cloud is often better than public for the primary production copy. DR and backup copies are perfect for cloud for multiple reasons. The most obvious reason is that DR sites tend to be similar in cost to primary sites. Yet, the requirements and usage footprint of DR copies of data are significantly lower. Those lower needs allow for a more cost-effective cloud service to be used.
Now, after the recent news, we’ll include some added notes about security policies for users and admins in our recommendations to customers considering cloud services.