Outsourcing of critical business components to third parties has been a trend for a number of years, and has been something that Information Security personnel have been concerned about from the start, particularly due to the risk posed by having sensitive company data in a remote location outside the control of the company.
Errors involving offsite backup storage providers, and data in transit to them, might have been the first external service providers to have attracted attention when it comes to data loss. But reports of theft directly from external providers are increasing and is having a greater effect on the ability of companies to conduct business when theft or other service outages occur.
Recently, the Financial Times got to put its disaster recovery procedures into practice when they had some of their primary website equipment stolen from their external hosting centre. Fortunately for the Financial Times they were able to revert to backup hosting equipment in the United States, but the downside was that there was no ability to release new articles or update existing data on the site.
Any outage such as that suffered by the Financial Times is going to cause some problems for a company. But when it directly affects core business elements, like being able to publish and distribute timely news articles and opinion to the financial sector from a major news provider, it can lead to far greater detrimental effects for a company.
A less considered outcome, but one which is most pressing for the third party provider, is just how many other companies may have been affected by the break in and what sort of recovery plans they have and are able to implement. Considering that the third party provider is reported as providing network and other services for major financial and law enforcement providers then the net effect of the break in might go a lot further than a financial news site not being able to publish new articles.
Although equipment may not be stolen when an online break in takes place - it might be just a simple Web site defacement - the effect of a service outage can be just as dramatic and the hidden risk of unalerted data theft might not be recognised until your data is splashed across the Web.
With more and more services being pushed to co-lo facilities and external data service providers, the level of security at these providers becomes paramount to your data security. This theft is just the latest in a string of reported thefts that have affected hosting providers across the globe over the last 12 months. The weakest and most vulnerable link in your data management system may no longer belong to you or your company.