Myself and the rest of LDC went to the MongoDB Coming To You day in London, and amongst the many interesting sessions there was one about MongoDB security. I’m not even going to post a link to the slides, as the interesting part was not on them: it was a story about a company going under due to losing control of their AWS (Amazon Web Services) access keys. Their site was hacked, their servers terminated, their databases deleted and all their backups purged. Everything… Dead.
This gave me quite a shudder. I’m more than a little bit paranoid at the best of times, but it did remind me of the old phrase to never “put all your eggs in one basket”, and that applies as much to cloud platforms as to anything else. However, it’s a tricky trap to escape from, as the cloud service providers sell themselves as everything you could ever want, with no need to have any other vendor. They make it sooo easy to just bolt on services using the same credentials. Yes, they do provide granularity and yes, they provide 2-factor authentication, but they are always a single point of failure, and there is no physical security measure if you suffer a major breach (you can’t pound down to the server room and yank the cables out the back of your router or servers). If the bad guys get your security keys then they ARE you.
So what to do? Cloud services are cheap and hideously powerful for their money; not using them robs you and your company of a major advantage in the Internet economy.
Well, let’s relate this all back to personal experience and in particular LDCVia. After the conference we sat down and worked out some worst-case scenarios (loss of the root account API keys, a breach in a primary admin’s 2-factor authentication, or a member of the LDC founders being possessed by a Brain Slug) and figured out how we would deal with them: not what we would do to prevent them, as we had already done everything we can to that end, but how much damage we would be looking at and what the hell we could do to mitigate and recover from it.
For how much damage? Cater to losing all of it, the whole lot lost or compromised :( How are we going to deal with that? >:(
I think I need a brown paper bag and a quiet place to calm down (shudder)