Repeat after me: "It isn't a cloud, it's someone else's computer that you don't control".
While Western Union wired customers' money, hackers transferred their personal deets
Western Union has confirmed one of its IT suppliers was hacked, and that customer information was exposed to miscreants. A Register reader, who wished to remain anonymous, showed us a copy of a letter dated January 31 that he received from the money-transfer outfit. The missive admitted that a supposedly secure data storage …
COMMENTS
-
-
Wednesday 14th February 2018 00:02 GMT Anonymous Coward
So host it locally, administered by recent graduates paid $24k PA? Or maybe by TCS or Wipro staff paid 1/4 that?
Times have changed, old man, you need to update your opinions. There is zero chance your company can hire security staff as qualified as those who work for Amazon, Microsoft, Oracle, etc.
-
Wednesday 14th February 2018 00:16 GMT Doctor Syntax
So host it locally, administered
by recent graduates paid $24k PA?by administrators who know their jobs and their colleagues jobs depend on its security.A business's data is its life-blood. Guard it accordingly. If that means paying an appropriate salary, pay it.
"Times have changed"
You say that as if it's a good thing. Evidence says not.
-
-
Wednesday 14th February 2018 15:04 GMT Alistair
I'm going to guess here, you've recently graduated from a "How to secure computers" course and are now working for Amazon, Microsoft or Oracle.
You *do* realize that the global monster corporations have a rule, two people with qualifications, in a corner, writing things, and 2,000 people at minimum possible wage to do the work right?
Us "Old Mans"* are the ones that get called in when the airborne fecal matter impacts the rotary aerators for a very good reason.
________________________________________________________________________________
________________________________________________________________________________
*I'll note that one of the best forensic accountants and network flow analysts I've ever met is both old, and at one time was a man but now is no longer. And for that matter, there are Old Woman types I'll defer to as they have the breadth of experience and knowledge to make even my ego look small.
-
-
-
This post has been deleted by its author
-
Wednesday 14th February 2018 01:25 GMT JeffyPoooh
"...a year of free identity-fraud protection..."
Thank you for enrolling in our generous offer of a year of free identity-fraud protection. Unfortunately the identity-fraud protection company was using a cloud service provider that had failed to totally lock down their server. So all of your personal identity details have been nicked, again.
By way of further and generous compensation, we would like to wire you some money. Please email us all of your personal and banking details, and please be sure to include "Private Info: ..." in the Subject Line for your protection.
-
Wednesday 14th February 2018 03:12 GMT Anonymous Coward
Leaks-Breaches-Hacks - Cloud-Outsourcing-Clusterfucks
My trust factor hit rock bottom long ago. Now I only buy what I have to (after risk assessment), and only share info, if something is essential and there's absolutely no other way. The overlords in charge have been relying on the Tesla autopilot for way too long. Now all we see are 'car crashes'!
-
-
Wednesday 14th February 2018 11:16 GMT CrazyOldCatMan
Re: Blaming 3rd party data storage. Which vendor could it be?
Who cares! That's passing the buck
The old ITIL stchick about outsourcing was that it was a good thing because it outsourced the risks and costs of IT to someone else.
Which completely fails to realise that yes, a proportion of the costs may be outsourced but the risk (to your business) remains with you. Yes, you don't have to go through all the grind of maintaining servers and whatnot yourself (economies of scale) but the risks to your business remain the same.
In fact, the risks are increased because your have now increased the complexity of your IT and multiplied your attack surfaces - all of which increase your risk.
Sure, you have reduced your risk of IT hardware failure, but you have now massively increased your security risks - especially since your business-critical data is now in the hands of a 3rd-party and (unless you have been very, very careful in your contract terms) you have no idea of who now has access to the data.
Outsourcing - hates it we does.
-
Wednesday 14th February 2018 18:09 GMT FrozenShamrock
Re: Blaming 3rd party data storage. Which vendor could it be?
Exactly!!!! I'm tired of big corporations always blaming an external partner/supplier/vendor for letting data they collected/stole/harvested get hacked. If you let some external entity access the data it should be your responsibility to make sure that access is secure. The only way to bring businesses to heel is to make it financially painful for them not to.
-
-
Wednesday 14th February 2018 14:41 GMT Anonymous Coward
I'm always surprised when people suddenly realise a cloud is just a data centre. Zettagrid switched off their UPS and took out the 'cloud' in Australia the other night. I got about 100 support calls (after the support helpdesk came back - it was hosted in the 'cloud') where I had to explain that a cloud is just a bunch of VMs... sitting on physical hardware.
-
Wednesday 14th February 2018 22:33 GMT Invidious Aardvark
"We promptly moved our external secure storage to a different vendor's system."
I hope they bothered to check the new vendor out, assured themselves that they could provide an actually secure system (rather than what they already had which, presumably, was sold as "external secure storage"), and set the new system up correctly so that it actually is secure this time. Otherwise they've just moved the same data to a different target and they'll be recylcing this press release in a few months and promptly moving their external
insecurestorage again.