Data Insecurity: Outsourcing your Data
“A former employee of Hostgator has been arrested and charged with installing a backdoor that gave him almost unfettered control over more than 2,700 servers belonging to the widely used Web hosting provider.” – Arstechnica
Just one of the potential dangers of placing control of your data into the hands of others. Unfortunately unauthorized users accessing servers is not an uncommon occurrence.
We have seen former IT Administrators try to log into companies where they no longer worked. In one extreme case one server support company was logging into a company server at night and deleting files. Then charging them emergency fees to “fix it” the next day when they called in a panic.
Cloud storage comes with new risks. A recent report by a multinational company found that data that it had stored on the cloud was actually stored in 15 to 20 different places!
Where those multiple locations as dedicated to security as the main location? What if one of the servers holding the data was compromised? Would the main company even know? Especially if the compromised server was used for backup storage or a somewhat trivial seeming task.
If you have critical data, the best policy is to keep it in corporate hands as much as possible. Change Domain passwords when key IT employees leave the company. Monitor systems and analyze access logs. Research security policies of hosting and cloud companies that you choose to use.
Ask questions like, where will my data be stored? How will it be secured? How many people will have access to it?
Every company must analyze their own needs for external services and must understand the risks.