What happens when your cloud provider gets security dead wrong?

One of our concerns as we sell solutions to our client base is that we should be providing a good platform and adding value to that platform.

Unfortunately it is possible that the IT company you are using lacks the internal processes to ensure they are providing a value-add to that service rather than leaving the door wide open on your security.

This week I learned of the Codespaces debacle, in which a cloud solutions reseller left its security too open and was bombarded with a web-based attack that has taken them out of business and had a critical impact on their clients as well.

In short, I understand the attackers gained access to the Codespaces control panel and were able to impact the clients’ access to data. As the backup solution was accessed via the same technology, there was no recovery path once the control panel was shut down. This is drawn from the message they put up and other industry comment and may not be completely accurate, but it serves the purpose for discussion.

I cannot stress enough how important it is to work with quality providers as you move to cloud or hybrid solutions. Selecting the right security providers is a key part of this. For example, software developers and web developers are not security experts or infrastructure experts, so leaving your security in the hands of developers is also not astute.

Whether your servers sit in your office connected to the web or sit in a data centre connected to the web or are in a virtual space connected to the web, the common element is the connection to the web. Security matters and you cannot afford to compromise as the level of attacks is very much on the rise.

There are constantly more threats and gaps being identified and abused before the hardware and software vendors are able to create patches and the support people are able to install them.

Security really needs to become a frame of mind in business as the mindset of keeping everything safe is as important as being able to pay the bills at the end of the month. You may work in a cash economy but wake up, this is the age of the digital economy and big dollars are being made and lost.

Yes, there are some security companies making the big dollars but it is the little companies that do not spend a bit that risk losing it all.

Factors to consider in your security deliberations are:

  • Training staff on, or at least discussing with them, unsafe practices such as opening unscanned emails, clicking on links in emails or on websites, etc.
  • Setting computer usage policies that keep security top of mind
  • Pre-scanning of emails before they arrive in your in-box
  • Virus scanning on all PCs, servers, mobile devices such as phones and tablets
  • A powerful firewall device at each of your internet connection points, not just a PC software firewall
  • Regularly tested backup to recover any files lost or damaged
  • Password policies enforced on all connected devices
  • Encryption of hard drives on portables
  • Encryption of data stored off site or in the cloud

There is plenty more that can be considered and the more important the data or the more it is related to privacy regulations the more careful you need to be. Clearly, ensuring you select the best providers of your cloud solution is just a small part of the total security picture.

With legislation such as PCI and HIPAA becoming each company’s responsibility, there has never been a better time to seek advice from industry experts to ensure you have the right protection in place.

David Markus is the founder of Combo – the IT services company that is known for solving business problems with IT. How can we help?
