Ransomware and SaaS Mishaps in the News Again…Did I mention you need a backup? (Includes Video)

GettyImages-955703042The past few weeks in technology news have been particularly interesting…and alarming.

On the ransomware front, the city of Baltimore made first page May 7 for an attack that apparently could have been avoided by patching their Microsoft environment 2 years ago. With practices like this, it makes me wonder what their backup habits are/were…. It is reported that the city will incur a cost of 18 million between lost revenues and recovery or recreation efforts. Baltimore: Give me a call. I can set you up with great backup for a lot less! I know many vendors who could help.Or maybe it is not the technology, but rather the training that was lacking. I am sure we will get more details from this unfortunate event. To top it off, it appears that in this case the attack also included an exploit (named EternalBlue) stolen from the NSA--two years ago. Patch, do frequent backups, protect the backup environment, test your DR, and your cyber resiliency. Don’t be the next headline.

Remember: Ransomware is a logical data disaster and good disaster recovery practices and schemes should help you get back on your feet quickly with minimal data loss.

Moving on to SaaS mishaps… Let me state the obvious: SaaS outages are more visible than the very private perimeter of an on-premises data center. It is technology and technology always fails at some point. That is why we need other technology to protect against failures, user error causing accidental deletions, etc.--just like on a plane with many redundant systems.

The month of May was not so good for SalesForce. In 2016, the NA14 incident created a 20 hour outage and caused 4 hours of data loss for customers. At the time, Salesforce was a 49 billion dollar company and one would expect this type of issue would not happen. This past May, another issue came up that triggered an outage for many customers. In this case, a database script error inadvertently gave users broader access than intended (hello, compliance nightmare!). This issue affected Pardot users so the company decided to shut down service to all customers using instances that were affected. Net net: the application was down and many questions remain as to what happened to whose data.

I will stop picking on SalesForce to pick on Microsoft. Office 365 was sluggish the other day, and it is not the first time. I was wondering what was going on and after a few Google searches – didn’t they have an outage, too, recently? – I discovered there was an outage. It turns out that there are wonderful websites that track availability, outages etc. I was quickly fascinated by the amount of information that is available to IT professionals to track SaaS service levels, beyond the built-in tools vendors provide.

Yet there is a big disconnect when it comes to SaaS and data protection. Despite all this news and resources, IT has a false sense of security with SaaS.

Check out my new video on the topic, coming from very recent research.
 
Topics: Data Protection