Cloud Service Providers Are Not Immune from Ransomware

You moved your applications to the cloud.  Now you don’t have to worry about managing IT systems.  The headaches are someone else’s.

Well sort of.

Here is what customers of Quickbooks cloud hosting provider iNSYNNQ are seeing when they try to log on:

This is what they have been seeing for the last three days.

The hosting provider experienced the ransomware attack on July 16.

The company’s web site says that they are now beginning to restore user’s data but the process will take a while.

They are saying that some files (they are not saying how many) were encrypted and they hope that you made your own backups.  They are trying to figure out how to deal with those encrypted files.

And, oh yeah, from now on you should probably make your own backups.

And what, exactly, am I paying you for?

So what does this mean for you?

Lets assume for the moment that you are not an iNSYNQ customer, since most of the planet is not.  And, I suspect, many of their current customers will not be their current customers for long.

First, DO NOT assume that because you moved something to the cloud, things are not your responsibility any more.  Kind of like your self driving car. You better be ready to stomp on the brakes in case your car makes a mistake.

Check your cloud service provider’s TERMS OF SERVICE.  Likely it says that they are not responsible for many things.  Make sure that, for those things, you have a plan.

Many cloud service providers have a “shared responsibility” model at the core of their offerings.  That means that they acknowledge that they are responsible for some things, but you are responsible for others.  Make sure that you know who is responsible for what.

Understand what the provider’s guarantee is regarding uptime.  iNSYNQ has been down for 7 days and says that it will be more days before they are back up – possibly minus your data.   Most of the time it says that they will get things working again as best they can, but with no time frame.  Is that going to work for your business.  In this case, it is the client’s accounting software.  Is not being able to write checks a problem?  Is not being able to run payroll going to bother anyone?  Is losing years worth of financial data going to upset your investors, your regulators and your customers?

DO YOU HAVE A PLAN FOR WHAT TO DO IN A CASE LIKE THIS?

Lastly, does the provider offer a guarantee?  Often they will not charge you for the time they were down.  Lets say they charge you $200 a month for their service and they are down for two weeks.  Likely that means that they want you to pay your bill for the month, but they will very generously give you a $100 credit on that bill.

DOES THAT COVER YOUR PAIN?  I DIDN’T THINK SO.

Maybe your accounting software is not terribly important you?

What about your web site?

Or your manufacturing software?

Or whatever else you moved to the cloud.

Understanding the risk is a good thing.  I strongly recommend it.

Source:  The iNSYNQ website, here and here.

 

Facebooktwitterredditlinkedinmailby feather

Leave a Reply

Your email address will not be published. Required fields are marked *

*

code