This is why companies are still afraid of the cloud

An ex-employee of a cloud provider was recently convicted of screwing with its servers -- could this happen to you?

On April 25, a systems administrator was sentenced to 33 months in prison for intentionally causing damage to a protected computer. Jonathan Hartwell Wolberg of Tucson, Ariz., will end his prison term with 36 months of supervised release for sabotaging his former employer's cloud computing server.

According to court documents, Wolberg had worked as a systems administrator for "Company A," a cloud provider headquartered in Virginia. After resigning, Wolberg continued to enter the Company A cloud to damage its servers, its reputation, and its business. This included shutting down "key data servers," including those supporting hospitals. As a result, Wolberg caused hundreds of thousands of dollars in damage.

[ From Amazon Web Services to Windows Azure, see how the elite 8 public clouds compare in the InfoWorld Test Center's review. | Stay up on the cloud with InfoWorld's Cloud Computing Report newsletter. ]

This is the kind of story that scares -- or is used to scare -- IT organizations about the cloud. After all, core to the cloud-client relationship is your trust in the client provider to keep hackers away from the systems carrying your data and running your services.

In this case, Company A fell down on basic security measures: It didn't change root-level passwords after the departure of an employee who had root-level access to the cloud systems, and it did not conduct security audits for that former employee. Wolberg committed the crime, but Company A made it all too easy for him to do so.

Although stories like this strike fear in the hearts of cloud-using and cloud-considering IT organizations, such tales are few and far between. They're rare exceptions, fortunately, especially at the major cloud providers.

That said, it's a good idea to ask your cloud provider a lot of questions, especially if it's a smaller provider. In some cases, a premigration security audit is in order. The provider should be receptive to such validation requests -- an enterprise looking to use its cloud could result in a business relationship that lasts for years.

This article, "This is why companies are still afraid of the cloud," originally appeared at InfoWorld.com. Read more of David Linthicum's Cloud Computing blog and track the latest developments in cloud computing at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies