In recent days, something very unusual happened to me. This "something" was not only tragic for one or two factors. Among them is my awareness of an issue that is important and sometimes ignored by many of us: information security.
One of the services we are commonly paid for is supplier analysis, for those interested in entering the hosting market, or for web agencies or professionals / companies who wish to hire outsourced infrastructure for Internet hosting. This service basically consists of hiring, by me or in-house, a service at any company requested by the client, i.e., based on a budget of X, we hire servers at those companies to run tests on the infrastructure that will provide the service.
An example: the client asks us to review a vendor of a "cloud hosting solution"; we (virtually) contact the company the customer named about the product and carry out general surveys for the customer.
In mid-2012 we hired a "cloud" server from a company in order to provide this "review" service. The tests were done, the report delivered, blah blah, and then we requested the cancellation of the server. However, in the last 3 days (almost six months after we ended the contract), I started receiving activity logs from this server that was supposedly canceled. Have no doubt: the server whose data should have been "destroyed" was there, working... in full swing.
The point, to try to summarize, is this: even (some) less prestigious datacenters (abroad) have a "reclaiming" policy, i.e., whenever a server is canceled by the client (returned to the provider), the supplier puts that server's HD through a process of total data destruction, so that the next customer to lease the hardware (server) cannot recover data from the HD.
Imagine the scenario: you rent a dedicated server, host your information on it (no matter what it is, it is sensitive) and, after a while, cancel the service. The data center then rents this same server to a new client who, with ulterior motives or not, initiates a data recovery procedure (a rather simple action), thereby gaining improper access to the data and being able to carry out any illegal action or even take advantage of the data for personal gain (e.g. copying scripts, etc.). If that does not scare you even a little, it should.
Although I have summarized the episode by no less than about 90%, and although I had not attached "importance" to this test environment, the incident aroused a deep revolt in me over this supplier's concern for customer information.
Fun fact: did you know that this situation may be at the root of intrusions into web systems, phishing, spam and other problems faced in the digital world?
Even though my main focus is commercial advice and technical support for micro / small providers and web agencies, I also sell Internet hosting services, and I was extremely worried by how amateurishly these so-called "datacenter and Internet hosting providers" expose their customers and users to more freak cases of technical malpractice.
I replace my notebook once a year, and each time I sell or donate the old equipment, I take out the HD (and in some cases, the RAM) and replace it with a new one or with another one that has been subjected to a real format (the kind that prevents data from being recovered later). This simple action ensures that the information processed on the laptop during the previous months (personal information, information of the company, customers, etc.) does not fall into the wrong hands. We provide IT services; we have an obligation to seek best practices for managing information, whatever it is and whoever it belongs to.
So, dear reader, do not forget to ask your hosting provider (whether "Cloud", VPS Hosting or Dedicated) how it will handle the data after you return the rented server. Deleting accounts by traditional means does not solve the problem. Some good practices can protect you even in cases where the problem is imposed by means. Always read the terms of service; look for and negotiate with companies that have solid references and reputable recommendations; hire experts to help you whenever you face doubts, consider not just yesterday.
After reading this, think about:
- How often have we been victims of cases similar to the one described here, without even being aware of it?
- How do you secure the information on a web hosting platform's storage?
- How do you select a vendor that, before the technical criteria, meets the criterion of moral character?
- Am I competent enough to understand the responsibilities required to provide services, given my limitations?
A prosperous 2013 to all!