Code Spaces - how the closure could have been simply avoided
James Brown, Alert Logic
Aside from the closure of DigiNotar by its parent Vasco, until this summer no companies had notably gone out of business due to a cyber attack.
I talked to James Brown, director of solution architecture EMEA at Alert Logic, who called the story "one of the most frustrating instances, where it was jumped upon by many press as 'cloud is insecure'."
"This was the failure of a company to do things correctly; and you have to remember that," he said.
"If you think about the administration credentials that you have to log on to the Amazon console, it's a bit like handing someone the keys to your data centre, the right to do procurement and the control of your IT administration staff.
With those credentials, I can walk into your data centre and I can turn off the servers and delete everything."
Brown called it "bizarre" that people feel that they are protected with just a username and password.
He said: "There are multiple levels of security, and that is where there are elements of security that Azure and AWS have, it is 2FA and why are they not using it?"
Brown admitted that it was not clear how the unauthorised person got hold of the credentials, yet somehow they did it and he likened it to a child pulling the legs off a spider.
They pulled the company apart online as they had the keys to the data centre and everything in it.
"Why was it not protected when authentication was available as a service that they can use for free?"
He said that the tools are available and if you don't use them correctly, it is reflective of Gartner saying that 80 per cent of breaches are down to poor IT hygiene.
"It is the failure to implement the tools correctly that will allow an attacker to work their way through and exploit it," he said.
"Unfortunately with the cloud, you have the ability to do it quickly and in a very automated way, so when it does go wrong it can go very wrong in spectacular fashion."
Brown concluded by saying that all of a company's staff do not walk around with domain administrator credentials to log in; so why were they not shut down?
He said: "Why did that account have permissions to delete backups?
Where is the common sense we have been using for the past decade around separating roles and responsibilities?
Suddenly people go to the cloud and leave their brains behind!"
James Brown, director of solution architecture EMEA at Alert Logic, was talking to Dan Raywood
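An added example, not part of the original article and not code from Alert Logic or Code Spaces: a small audit of AWS IAM policy documents for the gap Brown describes, an account that can delete servers and backups without MFA. The action list and the three sample policies are constructed for illustration, and the check looks at one identity policy at a time.

```python
import fnmatch

# Constructed, non-exhaustive list of actions that destroy data or backups.
DESTRUCTIVE = ["ec2:TerminateInstances", "ec2:DeleteVolume", "ec2:DeleteSnapshot",
               "s3:DeleteObject", "s3:DeleteBucket", "rds:DeleteDBSnapshot"]
MFA_KEY = "aws:multifactorauthpresent"  # condition keys are case-insensitive

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, action):
    # IAM action patterns use * and ? wildcards and are case-insensitive.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower())
               for p in _as_list(stmt.get("Action", [])))

def _mfa_value(stmt, operator):
    for key, val in stmt.get("Condition", {}).get(operator, {}).items():
        if key.lower() == MFA_KEY:
            return str(_as_list(val)[0]).lower()
    return None

def unprotected_destructive_actions(policy):
    """Destructive actions this one policy allows to a session without MFA.
    Simplifications: ignores Resource, NotAction and other attached policies."""
    stmts = _as_list(policy.get("Statement", []))
    findings = []
    for action in DESTRUCTIVE:
        # Only Bool/true gates an Allow: with BoolIfExists the key is absent for
        # long-term access keys, so the Allow still applies without MFA.
        allowed = any(s.get("Effect") == "Allow" and _matches(s, action)
                      and _mfa_value(s, "Bool") != "true" for s in stmts)
        # A Deny protects if unconditional, or if it fires when MFA is absent.
        denied = any(s.get("Effect") == "Deny" and _matches(s, action)
                     and (not s.get("Condition")
                          or _mfa_value(s, "BoolIfExists") == "false") for s in stmts)
        if allowed and not denied:
            findings.append(action)
    return findings

# Constructed sample policies (not taken from any real account).
ADMIN = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
SPLIT = {"Statement": [
    {"Effect": "Allow", "Action": ["ec2:*", "s3:Get*", "s3:Put*"], "Resource": "*"},
    {"Effect": "Deny", "Action": ["ec2:Delete*", "ec2:Terminate*", "s3:Delete*"],
     "Resource": "*", "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}}]}
WEAK = {"Statement": [{"Effect": "Allow", "Action": "ec2:DeleteSnapshot", "Resource": "*",
     "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "true"}}}]}

if __name__ == "__main__":
    for name, pol in (("ADMIN", ADMIN), ("SPLIT", SPLIT), ("WEAK", WEAK)):
        print(name, unprotected_destructive_actions(pol))
```

The full-admin policy is flagged for every destructive action, the split policy for none, and the third shows that an MFA condition written with `BoolIfExists` on an Allow still lets long-term access keys delete snapshots.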