Compass Datacenters provides solutions from the core to the edge. We serve cloud and SaaS providers, enterprises, colocation and hosting companies and customers with edge data center or distributed infrastructure requirements.
We’re all familiar with the phrase, “adding insult to injury” and its more succinct cousin, “piling on.” Both idioms describe when something happens that makes a bad situation worse. For example, the jerk who hit your car in the parking lot turns out to be your new boss, or the 30-something-year-old kid who’s been living in your basement long past the expiration date finally gets a job – that requires him to work at home. To these examples, we can now add a new symbiotic relationship between corporate hacking and unemployment.
According to a study by the Ponemon Institute and IBM Security, there were 1,579 data “breaches”—a more benign euphemism for the theft of a company’s sensitive information—in 2017, a 44.7% increase from 2016. Although not formally recognized by any Standard Industrial Code, hacking is a growth industry. As the study indicates, the average unauthorized intrusion costs the breached party $3.68 million for everything from lost business and reputational damage to the time spent by corporate employees sticking a finger in the proverbial dike.
Naturally, the first reaction to the fact that a company has just lost the names, contact information, social security numbers, etc. of 50,000 or so of their faithful customers is to assign responsibility. In other words, someone, or multiple “someones,” are going to have to pay for a hacker’s romp through the business’s inner sanctum. On a basic level, the need to identify a witting or unwitting sacrificial lamb makes perfect sense. When your customer base is storming the metaphoric castle with torches and pitchforks, lopping off the head of your CIO or CISO is a logical response. Sometimes offering up only a single member of the C-suite is not enough to slake the thirst of a mob of enraged consumers who trusted you not to make their personal information available to unauthorized state-sponsored affiliates. Thus, a few fellow members of the corner office set are forced to open their golden parachutes.
While no one wants to see someone lose their job, seeing a few “C’s” join the ranks of the unemployed isn’t an unexpected mea culpa. But as the study found, the ramifications of lapses in corporate data security impact the average cube dweller more often than one might expect. The researchers found that in roughly a third of security breaches employees of all levels were afforded the opportunity to “pursue other career opportunities.” The study also found that these dismissals often included members of non-IT departments. Unfortunately, the scope of the costs associated with corporate hacks is measurable via the synchronicity between angry customers and sharp declines in revenue that result in fewer folks reporting to the office on Mondays.
Let’s face it, the tenuous nature of today’s workplace has made the single company career with a gold watch at retirement a thing of the past. But isn’t it reasonable to ask why the vagaries of employment should include the capricious nature of foreign governments and criminal syndicates from countries that most of us couldn’t find on a map? While the departure of a CIO has a particular cause-and-effect relationship to undesired access to the company jewels, should the guy or gal in Accounts Receivable have to become caught up in the carnage? Security will continue to grow in importance for a variety of reasons, happy customers being paramount among them, but ensuring that unsuspecting personnel don’t become collateral damage should also be part of the equation.
Remember when your mother used to chastise you for performing some action that negatively impacted your home’s aesthetic with the phrase, “This is why we can’t have nice things”? Sure, one mom’s vase is another’s right front fender, but the concept is the same. You, or one of your “hooligan” friends, had intruded on the sanctity of another’s possessions. As Tesla and more than a few other companies have found out, it’s hard to have nice things, even when you’re a Fortune 500 company, when unrestrained delinquents decide your data center is an excellent platform for their cryptocurrency mining efforts.
In the spirit of “this is the type of thing that happens to other people,” you might think that these unauthorized mining efforts are infrequent events. At first glance, I would tend to agree except that there’s a name for these odious exercises in free-loading behavior. The correct term is cryptojacking and, as we all know, when any activity has an official name it is a big deal.
The modus operandi for these excavators of digital means of exchange, which seem to have the same level of volatility as the Dutch Tulip Bulb market of 1637, is to illicitly infiltrate a large corporate or cloud data center and install their mining software. These types of attacks are difficult to identify since the software operates in the background and the data remains unaffected. While there are no direct red flags that a data center is now working in part to deliver ROI on the intruder’s investment, the costs to the impacted organization can be substantial. Higher usage levels can result in higher electric bills and degraded performance due to the mining application’s consumption of CPU resources and, in some instances, the crashing of one or more servers. According to security research firm Malwarebytes, organizations can incur “tens of thousands” of dollars in costs before they realize that “we might have a problem here.”
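Because the symptom described above is resource consumption rather than data loss, one place to look is per-host CPU history. The sketch below is an added example, not from the original article or any vendor tool: it flags hosts whose recent CPU utilization is both far above their own baseline and unusually flat. The host names, sample values and thresholds are constructed, and the idea that mining load is sustained and steady while legitimate load is bursty is a working assumption.

```python
from statistics import median, pstdev

# Constructed sample data: CPU utilization (%) per host at 5-minute intervals.
# The first 12 samples are the baseline period, the rest the recent window.
SAMPLES = {
    "web-01":   [22, 25, 31, 28, 24, 35, 30, 27, 23, 26, 29, 33,
                 24, 30, 88, 27, 25, 31, 29, 26],   # one short spike
    "db-02":    [18, 21, 25, 19, 22, 24, 20, 23, 26, 21, 19, 22,
                 93, 95, 94, 96, 92, 95, 94, 93],   # pinned high and flat
    "batch-03": [15, 18, 12, 20, 16, 14, 19, 17, 13, 15, 18, 16,
                 90, 20, 85, 15, 95, 70, 18, 88],   # bursty scheduled jobs
}

def flag_sustained_load(samples, baseline_n=12, min_recent=6,
                        min_jump=30.0, max_spread=5.0):
    """Return {host: (jump, spread)} for hosts worth a closer look.

    jump   = median(recent) - median(baseline), in percentage points
    spread = population standard deviation of the recent window
    A host is flagged only if the jump is large AND the load is flat,
    which filters out single spikes and bursty batch work.
    """
    flagged = {}
    for host, series in samples.items():
        base, recent = series[:baseline_n], series[baseline_n:]
        if len(base) < baseline_n or len(recent) < min_recent:
            continue  # not enough history to judge this host
        jump = median(recent) - median(base)
        spread = pstdev(recent)
        if jump >= min_jump and spread <= max_spread:
            flagged[host] = (round(jump, 1), round(spread, 1))
    return flagged

if __name__ == "__main__":
    for host, (jump, spread) in flag_sustained_load(SAMPLES).items():
        print(f"{host}: +{jump} points over baseline, spread {spread}")
```

A flag here is a prompt to inspect the host's process list and outbound connections, not proof of mining; a long legitimate compute job looks the same to this check.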
While it may be understandable to discount the severity of cryptojacking since it seems somewhat esoteric as opposed to the efforts of serious hackers who seek out things like social security numbers, credit card data and nuclear missile launch codes, this appears to be a growth industry. Trend Micro reports that detections of unauthorized mining are ten times higher than last year, and cloud security firm RedLock estimates that 25% of companies have cryptojacking activity taking place in their data centers, which puts a rather significant dent in the ability to take solace in using the “Not in My Backyard” rationale.
Despite the wide fluctuations in the value of Bitcoin and other cryptocurrency permutations, the availability of software toolkits for prices as low as $30 seems to be making “why not” the default decision for the hacker looking to move from dilettante to hardcore professional. As a result of cryptojacking becoming more of a real vocation, the onus will be placed on IT to develop new, more granular security strategies, since no data center operator wants to become the primary element in anyone’s investment portfolio.
The continued increase of hacking in general, and cryptojacking specifically, might give us cause to wonder if anything we do or develop is unexploitable. The answer, of course, is no, but although there will always be those who seek to capitalize on the efforts of others, we should never stop our quest for nice things. But, as the folks at Tesla have found, we’ll have to work harder to keep them.