latest updates from easySERVICE™
On April 25, a systems administrator was sentenced to 33 months in prison for intentionally causing damage to a protected computer. Jonathan Hartwell Wolberg of Tucson, Ariz., will end his prison term with 36 months of supervised release for sabotaging his former employer’s cloud computing server.
According to court documents, Wolberg had worked as a systems administrator for “Company A,” a cloud provider headquartered in Virginia. After resigning, Wolberg continued to enter the Company A cloud to damage its servers, its reputation, and its business. This included shutting down “key data servers,” including those supporting hospitals. As a result, Wolberg caused hundreds of thousands of dollars in damage.
This is the kind of story that scares — or is used to scare — IT organizations about the cloud. After all, core to the cloud-client relationship is your trust in the client provider to keep hackers away from the systems carrying your data and running your services.
In this case, Company A fell down on basic security measures: It didn’t change root-level passwords after the departure of an employee who had root-level access to the cloud systems, and it did not conduct security audits for that former employee. Wolberg committed the crime, but Company A made it all too easy for him to do so.
Although stories like this strike fear in the hearts of cloud-using and cloud-considering IT organizations, such tales are few and far between. They’re rare exceptions, fortunately, especially at the major cloud providers.
That said, it’s a good idea to ask your cloud provider a lot of questions, especially if it’s a smaller provider. In some cases, a premigration security audit is in order. The provider should be receptive to such validation requests — an enterprise looking to use its cloud could result in a business relationship that lasts for years.
Source: Associated Press