In 2014, a systems administrator was sentenced to 33 months in prison for intentionally causing damage to a protected computer. Jonathan Hartwell Wolberg of Tucson, Ariz., will end his prison term with 36 months of supervised release for sabotaging his former employer’s cloud computing server.
According to court documents, Wolberg had worked as a systems administrator for “Company A,” a cloud provider headquartered in Virginia. After resigning, Wolberg continued to enter the Company A cloud to damage its servers, its reputation, and its business. This included shutting down “key data servers,” including those supporting hospitals. As a result, Wolberg caused hundreds of thousands of dollars in damage.
This is the kind of story that scares — or is used to scare — IT organizations about the cloud. After all, core to the cloud-client relationship is your trust in the client provider to keep hackers away from the systems carrying your data and running your services.
Wolberg committed the crime, but Company A made it all too easy for him to do so.
They’re rare exceptions, fortunately, especially at the major cloud providers.
That said, it’s a good idea to ask your cloud provider a lot of questions, especially if it’s a smaller provider. In some cases, a premigration security audit is in order. The provider should be receptive to such validation requests — an enterprise looking to use its cloud could result in a business relationship that lasts for years.