keywords: cybersecurity, cloud, pentagon, aws, ovh, risk awareness.
The last few weeks have been rich in cybersecurity news: the Wannacry and Uiwix ransomware attacks, attacks on British hospitals, and the unavailability of French press websites using the Cedexis platform. Cyber risk is growing rapidly, and according to Europol, Europe is experiencing an unprecedented level of attack. Luxembourg is not spared and is under a growing threat.
The two most recent events are the 36-hour unavailability of OVH's web/cloud services and the Pentagon's loss of data hosted in the cloud. What these two pieces of news have in common is that they affect organisations that cannot be suspected of failing to take IT risk seriously, and that they involve the cloud, the option now open to individuals, businesses and administrations to host all or part of their IT and data on remote servers that do not belong to them.
Why businesses use the cloud.
The cloud makes it possible to outsource the hosting of IT, software and data to remote servers.
The benefits of the cloud.
- cost reduction
The public cloud reduces IT costs by pooling infrastructure (servers) and teams. With IT spending at a high level, any reduction in this budget is sought.
- reduced responsibility for managers
When IT is wholly or partly outsourced, the managers are responsible for the quality of the subcontractor’s service. An IT manager who outsources all or part of his IT manages the outsourcing contract and is not responsible in case of disruption; the subcontractor is.
The disadvantages of the cloud.
The OVH and Pentagon cases both concern cloud-based architectures: OVH customers had up to 36 hours of unavailable service (due to a power outage), and social network data used by the Pentagon (US Department of Defense) and hosted in the cloud has been lost.
With the cloud, new risks appear:
- the data may be accessible by third parties
Cloud leaders (AWS Amazon Web Services, Google, Apple, OVH, and others) emphasise the security of their infrastructure. It is clear, however, that cloud services have been hacked, at least in part, and that the data can be accessed by third parties, even though this very cloud infrastructure is “sold” as safer than an internal infrastructure because it is monitored around the clock and runs up-to-date software.
- unavailability of the service
While cloud specialists commit to availability around 99.9% of the time, the questions are when the 0.1% of unavailability will materialise (the impact is not the same during business hours as in the middle of the night) and whether this 0.1% figure is real (the OVH case shows it is not). Of course cloud specialists are insured and compensate their customers, but the impact in terms of image and credibility, both for the specialised subcontractor and for the client entity, far exceeds the financial impact.
The computerisation and digitisation of our economies are continuing at a forced march. The benefits of being able to access your data outside the office or at home, on the move, in the evenings and on public holidays are such that no one today would be willing to go back to the past.
However, even though cloud providers promote their services continuously, a public, single-cloud architecture places the IT system and the security of its data under significant risk. A private, redundant cloud solution makes it possible to take advantage of the cloud while controlling the risk of data loss. Of course the cost is much higher than that of a public cloud solution based on pooling, but is it not worth it?