Fire at OVHcloud

Data in the cloud must also be secured!

The serious fire at Europe’s largest cloud provider OVHcloud last week vividly illustrates the consequences that can occur for companies if IT security is not given appropriate priority.
Due to the fire, all servers had to be shut down. The result: according to media reports, more than 3 million websites were at least temporarily unavailable. Among them were also those of smaller government institutions in various countries. And: Some customers lost data completely.
Many companies are only slowly realizing that IT security is not optional. Nevertheless, many still deal with the topic far too superficially and in many cases simply rely on “the cloud”.
The devastating fire at OVHcloud is a good example of what this can lead to. According to press reports, a number of customers lost data for good because they had not provided a sufficient backup.

No backups for customers

Although OVHcloud customers could have purchased the corresponding service, not all of them did so – apparently for cost reasons. Customers who had not provided for backups elsewhere are now likely to be left empty-handed. Depending on the purpose of the company, this could end up threatening the existence of the individual. Companies are therefore well advised to comprehensively review their back-up and restore concept and, in particular, to take data in the cloud into account.
However, it is not only the back-up concept that should be convincing – companies must also ensure through regular tests and exercises that the actual implementation works, responsibilities are clarified, everything has been thought of in the event of an emergency and the restart times are adhered to. The potential need to switch to another cloud provider at short notice in the event of an emergency must also be taken into account.

Carefully selecting cloud and data center service providers

Many companies get the impression that if they store their data in the cloud with an external data center, they are booking a “full-service package” and no longer have to worry about their data. This may need to be checked for each application on a case-by-case basis! To what extent and how often does the provider back up the data? How easy is it to restore the data in the event of an error?
Under no circumstances should you be careless when selecting a data center service provider. Relevant certifications such as ISO 27001 can be used as an indication that the provider is a reputable one that is committed to information security. You should not always just consider the cheapest provider. Do not forget to take out a

order processing contract if personal data is stored or processed in the data center. With regard to the guaranteed security measures, companies should always check these critically and question whether these are actually implemented by the provider or only exist on paper and whether adjustments may be necessary in their own organization. In case of doubt, this can be checked by a so-called supplier audit or service provider audit or also by the data protection officer on site!

Are you also not quite sure what you need to consider when using an external data center? Then contact us. We will advise you on the pitfalls and help you find the optimal concept with individual solutions!