The Outage in Summit Hosting
On Saturday, January 18 cloud provider Summit Hosting was hit by a ransomware attack.
Details regarding the breach are still unknown. What is known is that support has reached out to its users claiming they are working on resolving the issue.
A Reddit user claiming to be a client posted a letter he said he received from Summit Hosting after attempting to contact them.
The letter states that their cloud environment was hit by a ransomware attack and security systems detected the attack immediately, shutting down all 400 client servers as a result.
Cloud providers often market themselves as a safer, more secure, and more efficient alternative to on premise, or internal IT. The truth is, Cloud providers and Managed Service Providers (MSP’s) are susceptible to all the same risks other businesses face.
The issue arises when businesses looking to adopt a cloud-based infrastructure fail to understand what makes a cloud vendor trust-worthy or what to avoid when looking for a cloud vendor.
Here are four things to keep in mind about choosing a cloud provider.
Low Costs Cost More
Many vendors will offer you cloud hosting services for the deceptively low price of $100 a month or $58 a month to host a specific application. Potential clients then see the low price and immediately assume they’re getting a good deal. However, there are instances where the less expensive option can be the more dangerous one.
For example, would you feel safe going over a bridge that costs $400 or $40,000?
Lower priced cloud services imply the provider doesn’t have the resources to deal with bigger issues when they arise. When the price is cheap it typically means they’re cutting costs elsewhere, usually to the detriment of the user.
This could mean a sacrifice in cyber security tools, capable systems engineers or software.
Make Sure Your Provider Permits Storage Onto Your Servers as Well
Adopting the cloud is not, and should never be, an all or nothing affair. In other words, a cloud vendor should never prevent you from storing certain data on premise. If they do, then they should at least provide the capability to access and save important data onto your internal servers as well.
This safeguards your business against a complete halt of productivity and even temporary shutdown should your cloud provider experience an outage or a cyberattack. What good are cloud-backups if you can’t access them?
When discussing your service contract, or service level agreement (SLA), with a vendor you can choose to keep certain mission critical data on your own servers. Furthermore, no business is the same. Not even businesses within the same industry are the same. Therefore, it makes sense that one business would require different kinds of services on the cloud than another.
Look for a Team with a Fast Response Time (No Longer than 12 Minutes)
When a cloud provider experiences an outage for whatever reason, your provider should always be able to respond quickly and efficiently.
To illustrate my point, It’s important to highlight the differences between a public cloud and a private cloud. If something goes wrong with a private cloud, you’ll typically have someone to call. With a public cloud it’s only always included.
Public cloud vendors like Azure, offer one-on-one support only if you purchase their support plan separately. With Amazon Web Services, you must submit a support request through their website and wait for a response.
The most important thing, however, is that you’re given a point of contact. This can be an engineer or even the CEO of the cloud provider.
But just because you have a private cloud vendor to call, doesn’t mean they’ll be timely in their response. After the outage in Summit occurred, support was unable to efficiently respond to its 400 clients in a timely fashion.
As a result, the 400 clients were left confused, worried, angered and distressed for hours and in some cases days. So, make sure your cloud vendor has a response time of 12 minutes or less in case of an emergency like the one in Summit Hosting occurs.
In cases of such an emergency, Nerds Support has staff ready to respond and provides periodic updates every four hours via email and social media. Consistent communication like this ensures a smooth recovery in emergency situations and helps businesses maintain order.
Always ask your cloud provider for a business continuity plan. They should be able to provide you with a detailed plan outlining how they operate in the case of an outage, breach or natural disaster. If they don’t have one set up, move one to another provider.
Be Aware of Cyber Attacks
It should be the duty of every cloud provider to provide educational training to users about the various kinds of cyberattacks that businesses are susceptible to. However, providers often overlook training and focus on other areas of their services.
Ask your vendor what they’re cloud cyber security policy is. They should have a system in place that verifies and secures all devices before use. The reason for this being, employees bring their own devices to work and it can create a security issue if the machines are not secure.
Review your cloud vendor’s cybersecurity tools and protocols to make sure they provide the security benefits you need.
Although more and more users are becoming aware of some of these attacks, they are quickly adapting and changing to overcome user awareness. When it comes to cyber-attacks, your education is never finished. Human error is still the number one cause of cyber breaches and phishing is still the most effective cyber attack.
Research found Ransomware extortion payments are now $84,000 on average. This isn’t meant to scare you, simply to make you aware of the importance of staying educated. All it takes is one user in a company of thousands of people to compromise a system.
Often times, a company experiencing a ransomware attack fails to recover their files and pays the ransom out of desperation. Unfortunately, this doesn’t always guarantee all encrypted or stolen data will be restored or that the cybercriminal won’t attempt to extort them again.
Any cyber security expert will tell you, the best solutions are preventative. The most effective way to successfully survive a cyber-attack is to avoid it. By staying up-to-date on cybersecurity you’ll decrease your chances of falling victim to an attack by a hacker.