Over the last week we have been bombarded with stories in the media about the security of hosting your business in the cloud.

The stories started a couple of months ago with a concerted attack on the Sony PlayStation network facility. Now, whilst a number of people missed out on playing their favourite games, no real harm was done except to the reputation of the engineers at Sony.

Recently though, there have been a couple of issues where businesses have been directly affected.

Dropping the Box

On the less severe end of the scale, there were two issues this week: one with the file sharing provider Dropbox and the other with WordPress.org. On June 19, 2011, a software bug caused an authentication issue with the login process at Dropbox.

The problem occurred because of a new update of software at their end. It allowed people to log in without the correct credentials. The offending software was installed at 1:54pm and the fault discovered at 5:41pm, just under four hours later. It was fixed five minutes later.

I think it is important to note that, unlike the Sony issue, this was not a hack attack. This was basically a mistake at Dropbox, which corrected it immediately once the problem was found. They have also gone to great lengths to check that no unauthorised access to people’s files happened during this four-hour period.

WordPress.org provides the content management system for millions of websites around the world. It is a highly flexible, very robust and hugely popular system.

A Backdoor Into WordPress

On June 21, WordPress.org noticed suspicious activity: several popular plugins (AddThis, WPtouch, and W3 Total Cache) contained cleverly disguised backdoors. Plugins are basically pieces of software which add functionality to WordPress. This looked like a genuine attempt to gain access to any website that used those plugins.

WordPress immediately fixed the issue and rolled out upgrades to the affected plugins. The only problem is that anybody who installed the offending plugins would actively have to upgrade them.

If you are in this situation, your WordPress dashboard would show that there were a number of updates available, and you would need to at least press the button to allow them to update. Please ensure that you back up first.

The Destruction of 4,800 Websites!

I was amazed by the story of Australian hosting provider Distribute.IT, which managed to lose over 4,800 websites after a cyber-attack. Apparently, they sustained a focused and significant attack on the night of Saturday, June 11. It was a highly sophisticated attack which effectively wiped out their hard disks. In addition, the hackers then went about destroying the company’s backups. It took them just half an hour to destroy thousands of hours and potentially millions of dollars’ worth of work.

All their clients’ data, websites and email hosted on four out of their eight servers were totally destroyed and unrecoverable. Unfortunately, it also looks like Distribute.IT did not have any offsite backup.

The end result is that Distribute.IT no longer exists and has been assimilated into the Netregistry Group.

Lessons from the Field

There are a couple of lessons to be learnt here. The first one is that if you are planning to use a low cost hosting provider, then it really does make sense to back up your own data. There are a number of plugins that you can get for WordPress which automatically back up your site. They can be configured to email you a zip file of your website each day if that is what you wish.

These are great if your site is small, but once you get a reasonable amount of content, the email facility will fail and your only backup will be on the website itself, which, in the case of the issue at Distribute.IT, will be of no use to anyone.

A better system is to back up your site and your data to a facility like Amazon S3. This is one of the most reliable and secure systems in the world. It is designed to provide 99.999999999% durability and 99.99% availability of objects over a given year. That is a lot of nines and makes it the service of choice.

If any of the Distribute.IT clients were backing up to this facility they could have had their site up and running again within a couple of hours.
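One way to produce the kind of off-host backup described above, as an added example that is not from the original post: it archives the site files, records a checksum, refuses to return an archive that does not verify, and copies both files to S3. The paths and bucket name in the usage comment are hypothetical, the upload step assumes the AWS CLI is installed and configured, and the WordPress database would need its own dump alongside the files.

```shell
#!/usr/bin/env bash
# Added example: archive a site, verify the archive, then copy it off the host.
# Hypothetical usage (paths and bucket name are placeholders):
#   archive=$(make_backup /var/www/site /var/backups/site) &&
#       upload_backup "$archive" example-backup-bucket

# verify_backup ARCHIVE -> 0 only if the checksum matches and the archive is readable
verify_backup() {
    dir=$(dirname "$1"); base=$(basename "$1")
    # A backup that cannot be verified is treated as no backup at all.
    ( cd "$dir" && sha256sum -c "$base.sha256" ) >/dev/null 2>&1 || return 1
    tar -tzf "$1" >/dev/null 2>&1 || return 1
}

# make_backup SITE_DIR BACKUP_DIR -> prints the path of a verified archive
make_backup() {
    site_dir=$1; backup_dir=$2
    name="site-$(date -u +%Y%m%dT%H%M%SZ).tar.gz"
    mkdir -p "$backup_dir" || return 1
    # Archive relative to the site root so a restore works on any host.
    tar -czf "$backup_dir/$name" -C "$site_dir" . || return 1
    # Store the checksum beside the archive so later corruption is detectable.
    ( cd "$backup_dir" && sha256sum "$name" > "$name.sha256" ) || return 1
    verify_backup "$backup_dir/$name" || return 1
    printf '%s\n' "$backup_dir/$name"
}

# upload_backup ARCHIVE BUCKET -> copies the archive and its checksum to S3
upload_backup() {
    # A copy that stays on the web host is lost together with the host.
    aws s3 cp "$1" "s3://$2/$(basename "$1")" &&
    aws s3 cp "$1.sha256" "s3://$2/$(basename "$1").sha256"
}
```

Running `verify_backup` against a copy downloaded from the bucket confirms the backup can actually be restored.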

How To Back Up to the Cloud

We provide maintenance for your website which ensures that the site is always kept up to date and that it is backed up to the Amazon S3 facility. You can find out more information about the service by clicking on the following link:

Now don’t be lured into thinking that the best way is to have a server installed on your premises. I have been installing systems for over 22 years and, whilst people might think that in-house systems are safe and secure, the reality is that many of them are vulnerable to attack, either due to a lack of maintenance or, more basically, because of a lack of physical security, i.e. it would be easy for someone to come in and just steal the server.

Properly maintained, Cloud Computing is a great service and gives companies a significant competitive advantage. Regardless of whether you are using it for the hosting of your operational servers or to host your website it is imperative that you also invest in disaster recovery strategies. To do this you need two things – competent advice and a facility built from the ground up to be secure and reliable.

Let me know what you think.

Enjoy the journey.
Mark
