See things clearly

Generally speaking, most human beings aren’t very good at understanding risk.


The odds of being killed by a shark are roughly 1 in 3,750,000


The odds of being killed in a car crash are 1 in 84 (USA figures, source)


It’s hardly an original point, but which of those are most beach holidaymakers most concerned about?


In business, the chances of a catastrophic event occurring can be similarly underestimated. Few of us spend our time worrying that the roof is going to fall in, except perhaps for the occasional highly qualified professional like an engineer or an architect. And they can usually be quite accurate in their assessments, because they understand how everything works together to make sure the roof does its job.


Unfortunately, sudden life-changing moments do happen from time to time in business, especially in small businesses, where a sudden twist of fate can inflict a great toll on health, relationships, and finances.


So spare a thought for the small business owners in Australia who used Distribute.IT to host their websites.  The company was hacked recently and four of its servers, ‘Drought’, ‘Hurricane’, ‘Blizzard’ and ‘Cyclone’, were basically destroyed.  By all accounts 4,800 customers have lost websites, email accounts and data.  But that’s not all - the hackers were able to erase vital information such as back-ups and snapshots during the attack.


If customers had no back-up of their own, in addition to what was held at Distribute.IT, then they have lost the lot.


One customer said,

"I think I'm in shock ... I have lost everything .... I couldn’t possibly replicate all those years of work again ... my whole life's work is gone down the drain"

For that person, and some others, this ‘data flow disaster’ really is an apocalypse. Having been through something similar in the past myself, I know how gut-wrenching it is.


Unfortunately, we are going to see more such incidents. Why?


Because there are no standards for flows of data. 


That is why most, if not all, ‘cloud’ vendors have a clause in their contracts which states that they don’t accept any liability for your data.


Coming from Oil & Gas IT, which is rigorously engineered, I don’t think it’s good enough that cloud vendors want to shrug off liability.


To most small business owners, often with only a little IT knowledge, working all hours of the day on the core business, signing a cloud contract is like signing an electricity, water or gas contract. Those flows are safe, so why should there be much risk attached to flows of data? Especially when the vendor says that back-ups are taken by the company. Even a fairly tech-savvy person might reasonably assume that the back-ups would have some sort of redundancy built in.


But what does anyone seeking to use a cloud vendor get to see that lets them make a reasonably informed decision about the risks associated with giving the company their data?


Not much.


Without any recognised standards for flows of data there is no way for the lay person to compare providers, or to judge what depth and breadth of expertise a company possesses.


Given the number of data breaches that have appeared in the news headlines during the past few weeks, I think it’s fair to say that, even among cloud enthusiasts, there is a growing realisation that ‘we can’t go on like this’.


As Nick Heath of Silicon.com points out:

“If organisations can't or won't do more to stem the tide of information security breaches, then data security paranoia will persist and any enthusiasm for the cloud will slowly evaporate.”

If cloud vendors cannot clearly demonstrate, in a simple way that both technical and non-technical people can understand, how a customer’s data flows through their people, process and technology, then what real confidence can the customer have? If there is no transparency around those interdependencies, then how can the customer fully assess risk? It is a very real risk, as demonstrated by the Distribute.IT debacle.


Of course, we can only ever seek to minimise risk.  Even in well established industries, accidents will happen – despite standards, certifications, and years of intensive study and training by practitioners.


Sometimes the roof really does fall in.



© 2018   Created by Fergus Cloughley.   Powered by
