Outage Tales: Murder In the Cloud
It’s still Halloween season, which means it is time for another scary story. This week, Arpio CEO Doug Neumann tells the story of Code Spaces…and, why you likely have never heard of them.
Watch on to learn how a cyber attack brought down a thriving small business, and how to ensure your business doesn’t suffer the same fate.
Transcript:
Hi, I’m Doug from Arpio and today I want to tell you a story about a company named CodeSpaces.
CodeSpaces was once an up-and-coming competitor to businesses like GitHub. They had a thriving business focused on hosting source code repositories for companies in highly-regulated industries. As part of that service, they were responsible for the business continuity requirements of their customers, and they had a very disciplined practice around performing backups and testing disaster recovery.
One day, the CodeSpaces team woke up to a denial of service attack. And when they logged into their AWS account to investigate, they found a ransom note that had been left by the attackers. So, this wasn’t a typical DOS attack – the bad guys had also compromised their cloud account.
CodeSpaces did what most of us would do and began to lock out the attacker. But the attacker recognized their actions, and used a back door to completely annihilate their cloud environment. They deleted all of their servers, their databases, and most critically they deleted all of their backups. CodeSpaces had pretty much lost all of their customers’ data.
When you lose all of your customer’s data, it’s pretty difficult to continue operations, and CodeSpaces shut down their business just a couple of days later.
So, what should we learn from this tale? Well, I think the biggest lesson is the reminder that disaster recovery isn’t just about resilience to fires, tornados, and Amazon outages. The most common and indeed the most existential disasters are cyber attacks.
To ensure that your workloads are resilient to cyber disaster, it’s critical that you do 2 things. First, you have to store your backups securely, outside of your production environment, so that if your environment is attacked, they can’t destroy your backups. And second, you have to be able to recover your workloads into a clean environment that has not been compromised during the attack. You don’t want to restore your workloads into the compromised environment. It’s contaminated.
And that’s the story of code spaces. Don’t be the next code spaces. At Arpio, our product not only secures your backups, but also your entire recovery environment. If a bad actor compromises your cloud environment, they can’t undermine your ability to recover. And, we can get you back online in minutes.
If you want to talk more about protecting your AWS workloads, contact us at arpio.io.