Adam Borowski <kilobyte@???> wrote:
> In other words, you always need proper (ie, versioned) backups.
> Using a "cloud" is no excuse, as those guys are not paid to be competent
> (from your point of view), they're paid to generate revenue.
I didn't say cloud providers weren't paid to be competent - the disappearing photos issue was a basic "attacker has enough info to operate password reset mechanism" problem, and he got some of that info from social engineering another account at another provider. That latter bit could, in many cases, be as simple as looking at the target's Farcebork page to find their birthday or pet's name.
But yes, it really comes down to "have good backups". Plus, "cloud is not a backup".
Sadly, it is "not that uncommon" to see supposedly professional IT people pushing cloud as though it's a "stuff it in the cloud and it's an SEP*" fix for all security and availability issues.
Seriously, I have seen cases where "backup" is implemented as "syncs with a cloud account, no further thought required".
* SEP = Someone Else's Problem
Simon Hobson