We reached out to other vendors that we offer in our service plans and found out that many have experienced denial of service attacks over the past few years. They have usually dealt with these attacks quietly without even notifying their customers unless they absolutely have to. They planned and worked hard to avoid any downtime. Their customers rarely saw the effects of these attacks, which is really what any vendor could hope for: a mitigation strategy that puts the battle of bits and bytes out of view. No one is supposed to see an "Error 500" page or any sort of unusual delay or error when accessing services.
This got us thinking about cloud security — some food for thought:
- When you buy a piece of computer equipment, do you fully evaluate the security built into the device? Or do you take it for granted?
- Is security a barrier to getting work done? For example, do you use the same passwords or variants of the same password on all the websites you have access to?
- Imagine your laptop is stolen or is lost. Your web browser has many saved passwords including access to your email, bank and several other important websites. How quickly do you go about changing those passwords? What if the data is breached in some way? Would you even know it happened?
- Finally, can you trust the services with your sensitive data? Or, said another way, is there a way to manage the risk of putting sensitive data online that balances convenience with security?
We think there is. We intend to go into a deep discussion with each of our vendors. We would like to publish enough details to make ourselves and our clients comfortable that the applications and products they use are not only secure but also able to withstand the various attacks that are surely coming in the future.
Your laptop will get stolen or get lost. Your favourite service provider will get a 400 Gbps denial of service attack against it and go down for several days or more. It's just a matter of time. How does that make you feel?
