Code Spaces, a vendor that claimed to provide secure Source Code hosting and project management support, has just been forced to admit to their customers that they’ve been sabotaged by a cyber extortionist, and they probably cannot fully recover. They put all their hopes, and all their customers’ data, into a single cloud, and it burst.
While not an especially large service provider, the remains of their site on the Wayback machine mentions a number of blue chip clients. I have to wonder how many Code Spaces customers didn’t bother to keep a copy of their code somewhere else.
At the time of this writing, Code Spaces has an explanation, with the unhappy news As such at this point in time we have no alternative but to cease trading and concentrate on supporting our affected customers in exporting any remaining data they have left with us.
Business failure and client data loss are always unhappy events. It is particularly distressing when it happens to a cloud-based service that advertises “redundant, high specification servers with guaranteed uptime and availability.” Guarantees are empty paper when the data is permanently gone because the vendor failed to adequately protect it from hackers, and failed to adequately back it up. And if a vendor is no longer financially viable, service levels and contracts become moot.
As I stress in my latest research note, Everything You Know About SaaS Security is Wrong, the users of cloud services need to take responsibility for the care and feeding of their own data.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.