‘You think you can run a data centre better than Amazon, Google and Microsoft can?’
The knockout-punch argument from public cloud pushers everywhere.
Depending on who you are, the answer may be yes or no, but what is absolute is that you value your business data much more than public cloud providers value it.
So what’s with the shirking of responsibility we’ve started seeing? The shortcuts that haven’t been earned?
The hijacking and destruction of Code Spaces tells me that we have a new class of born-in-the-cloud companies who think they don’t need data protection or security professionals because they buy into the ridiculous fiction that public cloud providers can do it better than they can. That is something those providers don’t actually say themselves; they do expect you to put things such as multi-factor authentication, RBAC and a DR plan in place to make sure your business doesn’t crater.
But some companies renting infrastructure don’t, because instead of putting the work in on the boring, money-draining first principles they focus on the exciting part of writing and deploying money-making apps. ‘It’s all built in, we’ll just use the services provided to us and we’ll be fine.’
This is the wholesale outsourcing of thinking and culpability.
An aside: while their backup strategy appears to have been focused on protecting against logical corruption, with offsite copies for additional protection, a single two-factor authenticator configured for use by an authorised administrator could have secured Code Spaces’ top-level administration account and prevented deletion of their system elements. But could have/should have/would have doesn’t take us away from didn’t.
Backup is easy; it’s frictionless on public cloud platforms due to the homogeneity of the components involved and how basic the backup options are. Data protection, regardless of where you’re doing it, is hard. It’s hard because it requires thinking, it requires work which doesn’t make you money as you’re doing it, and it requires people to be culpable.
Keeping versioned replicas, guaranteeing their integrity and availability, securing them and securing the external perimeter around both the replicas and the primary data is hard.
It’s hard and it’s boring and it’s necessary and it’s right.
People and companies get hacked every day. Data gets stolen every day. We have a class of criminal using denial of service attacks and hijacking rented infrastructure from people every day. And every day you need to have professionals on your side who care about your data the way you do.
You haven’t earned any shortcuts; your shortcut is a cyber criminal’s opportunity.
Code Spaces isn’t an outlier; cyber criminals look for new markets just like any legitimate business. Expect more such extortion attempts on public cloud users in the future.