Monday, March 04, 2013

Evernote Hack: A well-handled Cloud service hack

Being completely up front, we love Evernote here at BackChannel; almost everyone uses it.

So it was a bit of a disappointment that a company that relies so heavily on its web infrastructure should fail to learn the lessons about 'crown jewels' security like Microsoft, RSA, Twitter, etc.

As an old security guy, I think they did exactly the right thing in notifying their customers and forcing the password reset, and I'm not alone in that opinion. But as you would expect with 50,000,000 users needing to change their password, there have been numerous gotchas for people who signed up with now-defunct mail addresses, especially those who have recently upgraded and couldn't access their 'local' data as a result. Checking out the community posts on the relevant Blog posting, Evernote seem to be handling it fairly well, and hopefully in future they will take more care.

As my Dad said, 'Son, the most valuable lessons learned are also the most expensive.'

Anyhow, final thought: if you're moving anything to a Cloud Service, make sure you understand what you're buying into; make sure you can get to mission-critical data in any circumstances; make sure your provider has a clear and documented policy on service denial; and ensure they have a documented process for recovery and proper insurance against service failure & data loss. After all, it's not their data they're looking after, it's yours.

