Lessons YOU Can Learn from the December 2023 Rackspace Security Incident

Lessons You Can Learn from the December 2023 Rackspace Security Incident

Rackspace, a popular “end-to-end multicloud technology services company,” is one of the most recent high-profile victims of cybercrime. There are many lessons we can learn from the Rackspace security incident.

Ominous Beginnings
The company initially reported: “On Friday, Dec 2, 2022, we became aware of an issue impacting our Hosted Exchange environment.” Hosted Exchange is a cloud version of the Exchange email server, typically managed by the provider.

Disastrous Outcomes
As the hours and days ticked by, news from Rackspace got worse. “After further analysis, we have determined that this is a security incident.” Rackspace revealed “a significant failure in our Hosted Exchange environment” and indicated that they had fallen prey to a ransomware attack.

Rackspace’s Hosted Exchange clients suffered disruption in the flow of email and permanent loss of their email data.

Rackspace downplayed the severity of the event by communicating that only a small percentage of their clients were affected. This is true. They offer many other services and most of their clients were unaffected…but imagine if it were YOU who lost all of your email. Could your business survive?

The current solution? Rackspace now suggests that their Hosted Exchange clients migrate to Microsoft 365.

Lesson Learned

These unfortunate events surrounding the Rackspace security incident highlight the following concerns:
• Data in the cloud may be vulnerable.
• It’s your data and your business at risk.
• You bear ultimate responsibility for cybersecurity and the integrity of your data.
• Read the SLA!
• Engage in contingency/continuity planning!
• Implement robust backups for hosted email and other cloud services.

Cloud-to-Cloud Backups are Essential to Business Continuity

Providers of hosted services typically prescribe remedies and limit liabilities in their Service Level Agreement (SLA) with the customer. The sad truth is that in the worst cases, the SLA typically only obligates the provider to refund service costs. A refund of a few hundred dollars may be little consolation to the client when the cost of lost data, lost productivity and other consequential damages hits five, six or seven figures.

Cloud-to-cloud backups offer peace of mind to business leaders that depend on hosted services. They provide a way to save, archive, and protect important data in the cloud. With cloud-to-cloud backups in place, all is not lost in the event that something goes wrong with the primary storage system.

For example, if a business's primary cloud storage provider experiences an outage or data loss, having a cloud-to-cloud backup in place can ensure that data is still accessible and can be quickly restored.
Cloud-to-cloud backups can provide additional layers of security for a business's data, as the backup data is stored in a different location than the primary data. This can help to prevent data loss due to natural disasters or other events that could affect a single location.

Cloud to cloud backups mitigate risk of data loss due to corruption of data, ransomware attack, failures of the service provider's infrastructure, and more.

Additionally, cloud to cloud backup services can offer more granular control of data retention. Many cloud services providers offer a rolling 30-day backup but have no solution for clients that want to restore data from an earlier point in time. Cloud-to-cloud solutions put you in control of the recovery points.

Want to Minimize YOUR Risk?

There are numerous services that offer a cloud-to-cloud backup solution. We often recommend SaaS Protection from Datto and the Microsoft 365 and Google Workspace Backup Services from Dropsuite, but each business has unique needs. There is no one-size fits all solution to backup and disaster recovery.

Concerned about data that you have stored in the cloud? EXP clients experience peace of mind, knowing they are working with backup experts.

Contact us today to evaluate risk, weigh your options, and implement best practices for backup and disaster recovery.

Related Posts