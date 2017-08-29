It’s never good news when your workloads, data, or both get hacked in a public cloud. Fortunately, it’s something that rarely occurs. But as workloads and data sets on the public clouds become more numerous, such a hack could occur.

The best way to recover from an attack, aka a hack, is to remain calm and follow these simple rules.

What do if your public cloud is hacked

Do shut down the machine instances as quickly as you can. I’m often taken aback by the number of admins who keep compromised systems up and running. Chances are that the hackers have not yet culled all your data, so you can stop further damage by taking those systems down quickly.

Do contact your provider right away. It typically has automated procedures to lock things down for you, and even locate the source of the attack.

Do review your security policies and security tools, at your first opportunity. Something fell through the cracks, and most breaches that I see are due to human error. While it's fresh in your mind, it's time to do some self-discovery to ensure something like this does not happen again. Even if this specific breach was the cloud provider's fault, the next time it could be your fault—so use the incident to review what you control.

Do contact those whose information may have been compromised. The days of keeping breaches to yourself are long over. If Social Security numbers or credit card data has been compromised, the owners need to be contacted so they can watch for fraud. If it's personally identifiable information (PII) or other protected data, you need to contact your regulatory authority as well.

What not to do if your public cloud is hacked