Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

10/15/2009
03:42 PM
Keith Ferrell
Keith Ferrell
Commentary
50%
50%

UPDATE Sidekick Data Restored: Security And Cofidence Questions Remain

So now the missing Microsoft/T-Mobile Sidekick is back, doubtless relieving both hundreds of thousands of customers and the legal departments at the affected companies. But the questions about confidence in cloud-based data remain. And that's a good thing.

So now the missing Microsoft/T-Mobile Sidekick is back, doubtless relieving both hundreds of thousands of customers and the legal departments at the affected companies. But the questions about confidence in cloud-based data remain. And that's a good thing.While keeping mum about exactly how the missing customer data was recovered, Microsoft says the contact and other synced info is back in the Sidekick cloud.

All well and good, but the questions raised by the now temporary loss remain potent ones that every business doing business in or with the cloud (and that's most businesses, at least in some part) need to continue asking.

Chief among them is one addressed here yesterday: How confident should you be of cloud-based services?, but I think it's good advice.

It's not the least expensive advice, maintaining local backup in addition to, say, cloud based backup, particularly when part of the promise of the

No more confident than you are of any other technology, is my feeling.

These days that means pretty confident -- technology has tended to become more and more reliable, even as we ask more and more of it.

But the great risk of that confidence is complacency, whether the technology in question is the hard disk in your notebook or the cloud service that backs that hard disk up.

Things go wrong -- the Sidekick fiasco (shortlived or not) is the most dramatic of recent events, but Gmail and social networks have experienced outages and interruptions.

Likewise, that notebook disk can fail -- or the notebook can be stolen.

Point is, that the careful business (and consumer, for that matter) has a contingency plan in place should disaster strike. Backup your data regularly and don't keep the backup in the same place you keep the notebook.

The cloud requires a bit more wariness, I believe. Putting all your faith in a cloud-based service (even a cloud-based backup-and-restore service) and the ability of that service to restore all of its data (including yours) in the event of a massive failure is putting every one of your eggs in a remote basket in somebody else's henhouse.

I've hammered the suspenders and belt approach to data security before in various contexts , but I think it's good advice.

It's not the least expensive advice, admittedly. Particularly when part of the promise of cloud services the economy they offer, does it make sense to take on the cost in money and resources of a more local "just-in-case" backup?

Your budget will answer whether or not you can afford to have a really redundant backup strategy?

But while you're crunching the numbers ask another, equally or more important question:

Can you really afford not to?

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/27/2020
Are You One COVID-19 Test Away From a Cybersecurity Disaster?
Alan Brill, Senior Managing Director, Cyber Risk Practice, Kroll,  10/21/2020
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
David Pearson, Principal Threat Researcher,  10/21/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-23945
PUBLISHED: 2020-10-27
A SQL injection vulnerability exists in Victor CMS V1.0 in the cat_id parameter of the category.php file. This parameter can be used by sqlmap to obtain data information in the database.
CVE-2020-7754
PUBLISHED: 2020-10-27
This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters.
CVE-2020-6023
PUBLISHED: 2020-10-27
Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to escalate privileges while restoring files in Anti-Ransomware.
CVE-2020-8579
PUBLISHED: 2020-10-27
Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a vulnerability which allows an attacker with access to an intercluster LIF to cause a Denial of Service (DoS).
CVE-2020-6022
PUBLISHED: 2020-10-27
Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to delete arbitrary files while restoring files in Anti-Ransomware.