With the increased effectiveness of cloud-based server solutions, many people are beginning to migrate to these cloud services, attracted by the promise that outsourcing their server environments will increase the reliability of their security and decrease downtime. However, it’s been shown recently that even these services are not immune to ransomware.
The above article covers the ransomware that infected iNSYNQ’s servers, causing a complete outage of their service for multiple weeks and the loss of many clients’ data. While these services definitely offload the responsibility of security compliance and updates, something happening that affects these services can mean more downtime than a properly setup disaster recovery system on site.
The decision to use a cloud service or an on site server is one that usually requires much deliberation. Wlodarz mentions in his article that “Clients who are sustaining fleets of physical servers on-prem without the requisite attention to patching and security oversight are putting their entire IT infrastructure at unnecessarily high risk to ransomware” and he has a very valid point. He makes the case that most of the time, using a cloud service to replace an on site server is usually not only easier to maintain, but less time has to be involved for security.
However, that does not mean cloud services can replace on site servers in every scenario, or that the cloud services will be as effective as desired. Along with the offloading of responsibility over security comes the lack of knowledge of what the cloud service provider is doing with regards to their security, making it impossible to know for certain that their methods are satisfactory.