How Secure Is Your Data Center?
The other day I was invited to a Hang Out on Google + where several IT Pros and a couple of journalists discussed storage issues. One of the topics that came up for discussion was how to secure your content.
After listening to some very insightful discussion about how to do it, I added that you probably can’t secure your data. Do I hear your scoffing? It’s true. When hackers like Anonymous get inside some of the most secure facilities on the planet (or ones that we think are anyway), you have to wonder just how secure any site is.
And that was driven home in a big way when eCommerce site Zappos, which is owned by Amazon (ouch) had a major data breach last week involving 24 million customers, exposing their passwords. Fortunately for them, no credit card data got out, but it was a major embarrassment nonetheless for Zappos and its corporate owner Amazon.
Meanwhile, as I was writing this yesterday, Anonymous–apparently upset that the feds arrested four principles at file sharing site, MegaUpload and shut down the site–went on a hacking rampage attacking the White House, the Department of Justice, The US Copyright Office and the RIAA and the MPAA (among others) for good measure.
Do you suppose you have the same stringent security measures as say, whitehouse.gov, a site that is probably relentlessly attacked by hackers every hour of every day?
Chances are you don’t, and yet you probably believe that your site is secure. I have a friend who refers to airport security as “security theater.” It’s a nice veneer, but is it really keeping us safe? It’s probably similar theatrics in your data center, given how easily Anonymous can have its wicked way with just about any network.
Sorry to be so blunt, but let’s face it, the entire Internet security infrastructure is vulnerable. One day it’s the White House, another it’s Zappos. When is it your company’s turn to play security breach roulette.?
You think you have control of the situation, but the fact is, you probably don’t . I’m sure the IT pros at Zappos and The White House thought they too had it under control, but until we face the fundamental flaws that appear to be inherent in across all networks, we will continue to see these types of breaches — and I hate to say it, but you could be next.
3 Comments
Leave a Comment
Free Real User Monitoring
This blog is sponsored by Correlsense,
the maker of SharePath RUM Express -
a free tool that provides a real-time
view into the actual experience of
your end-user, including availability,
response times and service levels.
There is a big difference between a DDOS which Anonymous used to attack DOJ, etc and gaining access to assets on a site. Zappos was a good example of your point or Sony might have been. Lockheed would have been even better. Yesterday’s Anonymous rampage – not so much.
Tony,
You’re right. There’s a big difference between blatant security breaches like the one that happened to Zappos and the DDos attacks, but they all speak to basic vulnerabilities in the overall network architecture that must be addressed.
Thanks for taking the time to comment.
Ron
Why do people still fail to hash passwords?