In my last post I talked about the reliability of cloud services and that I believed it was the right choice for Allied Pixel. But what about security?
Several days ago, Amazon.com’s homepage was unavailable for 49 minutes. Amazon Web Services, Amazon’s cloud services was not affected, nor were other web services from Amazon. Amazon Web Services (AWS) is built on the same architecture that Amazon.com is. Some indications were that the outage was due to a hacker group that was quick to claim responsibility. Amazon has not given any indication as to the reason for the outage. Regardless, this raises the question whether our business operation is more vulnerable to security issues if we’re utilizing cloud services?
Our exposure to the cloud has grown over the past year. The service benefits to our company have been huge. Beginning with the use of AWS as a Content Delivery Network (CDN), and now including integral business applications, like email and calendaring from Google Apps, our IT services are more cost effective, reliable, and accessible. But we are vulnerable because these services are stored outside our bricks and mortar operation and are dependent on the security infrastructure put in place by the companies that run these services. We are vulnerable because the services that we have chosen to store our information are prime targets of hackers. But we have also experienced our share of attacks on our own network over the years. Our first in fact occurred over 12 years ago when a hacker from the Netherlands appropriated space for music sharing on our web server which was publicly exposed. We regularly have hackers attempting to crack FTP usernames and passwords on our in house FTP server. Wordpress sites and Drupal sites that we host on cloud servers are being targeted every day by punks trying to bring down or somehow take over these servers. There is no discriminating by hackers when it comes to choosing what to target – any computer attached to a network with internet access is a target.
So how do we combat this vulnerability? By using authentication options provided by cloud services. Google has made a 2 step authentication method available that not only requires login to their services, but sends a 6 digit code to your mobile phone to enter and complete the login process to our services. Sound like overkill? It won’t when your mail account gets hacked. It’s just a matter of time. And we’re also using key pairs when logging into servers on AWS and other cloud servers instead of just the traditional 8 – 14 character password. Essential steps in protecting our information.
So if you choose to utilize cloud based services, don’t shortchange using their most secure authentication methods. Your company information will thank you.