printer friendly version

From the editor's desk: A storm in the cloud

The latest ransomware attack, named Kaseya after a company that provides a number of tools to customers all over the world, has hit a number of companies ‘downstream. In other words, some of the companies using Kaseya’s tools were also hit. However, some of these companies were managed service providers (MSPs), which means they provide services to their customers (as-a-service), and some of these companies were also hit.

Nobody knows exactly how many companies were hit with this latest attack (or they are not saying), but it once again comes back to the whole cloud security question. Cloud services, whether we call the cloud, remote or hosted services (or whatever term is in vogue), provide valuable services, mostly at reasonable costs. They can also solve many problems for companies reliant on their technology infrastructure but who don’t want the hassle of running servers and all the other bits and pieces.

Andrew Seldon, Editor

But cloud services are not a silver bullet. Yes, they offer solutions and lower costs in some cases – although South African costs often seem higher than the average – but companies often forget they can never simply hand over their responsibilities to someone else. As Gus Brecher noted in an interview with Hi-Tech Security Solutions about the OSPA awards, which you can read in this issue, “What do you do if the cloud blows away?”.

In Brecher’s context, what happens to cloud storage and other services when connectivity dies, or when your service provider is down for some reason? Hence the need for hybrid solutions that can store your video data onsite (or perhaps on the edge).

More than connectivity, most people assume their cloud data is automatically backed up; check you contract. Service providers obviously take security seriously, but if you are not sure they backup your data (whatever data that may be), it’s time to find out. What happens if your email is lost or corrupted or encrypted? The cloud server will hold the same ‘lost’ data as you have on your laptop or PC. If you don’t have a separate backup, not connected to the live system, your data is gone.

And these days, you need a third backup on some form of removable media that is not connected to your server. That way, if you lose everything in a catastrophe, there is still a way to get up and running again, albeit a slow way. I don’t want to seem negative about cloud services, but we need to be careful.

Those who read the CCTV Handbook last month will recall I mentioned CRaaS (Control Room-as-a-Service). In the next issue of Hi-Tech Security Solutions, we will run an article based on a discussion with a company that runs its entire control room from the cloud. The only hardware it has is the terminals its operators sit in front of as well as connectivity, and backup connectivity, and a backup of the backup (just in case).

Share this article:

Further reading: