I know this article is bucking the trend for using Cloud services. So, in the next few moments while reading this article really think about: What if your data is not available to you anymore?
I’m not a backwards thinker. I am in IT, and I am all about change. I do have concerns about the trend of moving data to hosted providers. It has been going on for a long time, and I see some very real issues.
The Internet Was Designed to be Decentralized
In the early days, the internet was called the APARNET, Advanced Research Projects Agency Network. It was divided into two parts, designed for use by the Military and Civilians as a distributed network with no centralization.
This was an advantage and strength because there was no one place to attack and cripple communications between government and educational institutions. The design was born out of the cold war and MAD, Mutually Assured Destruction, philosophy. If one section of the country was destroyed, this distributed environment would still work in places that were not touched by the devastation. This plan worked very well during the first decade of the Internet. Source: https://www.britannica.com/topic/ARPANET
Businesses are Giving Up Control of their Data
However, much of that thinking has changed. While the internet is still somewhat distributed, it has evolved to more of a centralized model with data being stored in the Cloud vs locally at a business. When our data infrastructure is concentrated like this, it is vulnerable to known and unknown zero-day exploits in the underlying operating systems that run the services.
The Cloud gives the bad guys a bigger target, for a bigger pay day. The data for thousands of customers are stored together.
We have gotten away from decentralized (local) data storage for convenience and price. Businesses and consumers enjoy the idea they can access their data anywhere, and off-load equipment, personnel, and utility bills for a lump sum. These entities are lulled into a false sense of security when they give up control of their data to a Cloud provider.
We have already witnessed breaches with the Cloud, releasing valuable data to the dark web for sale or publication on the internet, as well as well-publicized outages. Companies have lost control of intellectual property, demographic, and financial records!
What I fear the most is, extortion and denial of services and infrastructure by the bad guys. It is a bigger pay day to demonstrate they can turn something off and do it, and then threaten to do it again. I am afraid that’s where we are heading, if we are not already there. The internet, Cloud services, or both denied because they have become so centralized and vastly interconnected at business institutions where an accidental flip of a switch can take down large swaths of internet service.
We have, as business owners made it easy for this to happen because there is a need to do things better faster cheaper. This has made the data vulnerable because businesses gave up control and security of the data, and the Cloud service economy blooms. It is easier for hackers to be right once on a big target, the admins have to be right all the time.
The SolarWinds Hack:
The SolarWinds attack presents a very real and present danger. Please read the scope of the attack here, Cybersecurity & Infrastructure Security Agency. After learning more about this hack, I wondered how companies would survive if their data was compromised or simply not available to them anymore?
The hackers broke into these major companies and have been there for months before the hack was discovered. It is going to be next-to-impossible to find all the back doors they left for themselves to retain access. The NSA and Solar Winds believe these are nation state actors with sophisticated tools.
So, if you have your data with a well-known Cloud provider, you may want to rethink your risk. It isn’t good enough for the provider to have multiple sites to rely upon in the event one site goes down.
The bad guys are already / were in the computer network, the network may not be centralized geographically, however, from a network point of view, it sure is. That is how computer networks function by default they are centralized. The bad guys are in and they have access to the network with thousands of customers centralized in it. It is not hard to imagine they could do what they want.
At some point in the future, these hackers may or will soon have the ability to turn off, or severely disrupt the Cloud services of thousands of businesses—costing billions of dollars to remedy. So, there’s one good reason to move back to a decentralized data storage model.
What Should Companies Do?
Companies need to really consider what would happen if the Cloud service you rely on is not available and denied for days or weeks. Just because you have uptime contracts in place, and a fleet of lawyers does not mean your services or data will always be there.
A comprehensive disaster recovery and business continuity plan must include plans to protect your data and business in the event of a prolonged Cloud outage or data breach. Some companies are considering bringing their data back from the Cloud to an on-site server, as well as backing up that data at an alternate location outside of the cloud to ensure their business survives.
Thanks for walking through this with me. Cloud services do have cost efficiencies, and I advise my clients about the potential risks. When a company puts all their data with these various Cloud services, they are relinquishing control of the most important resource they have—their data and intellectual property. The best plan is to keep your most valuable data on-site, and backup frequently, so you can do a complete restore, if needed.
Call us today at 847-464-5855 to see if our products and expertise are a fit for your businesses’ data protection needs.