When the DNC got hacked in June, it got added to the list of high-profile hacks nobody wants to be on, joining the likes of Sony, OPM, JP Morgan and Target (among others) in hacking infamy.
What's interesting is that all of these hacks had one thing in common: they were all on-prem.
As Anshu Sharma, a a venture partner at Storm Ventures pointed out on Twitter regarding the DNC hack, this should quiet the cloud naysayers once and for all:
PSA: Zero emails leaked were stored in the "unsafe public cloud". Let this be a reminder to naysayers. https://t.co/jfEckiPamm— Anshu Sharma (@anshublog) July 28, 2016
In fact, shortly after the DNC hack, it came out that Hillary Clinton's campaign computers had also been hacked, but by this point IT was watching pretty closely. The hackers got into an analytics program but were unable to get deeper than that.
Most hackers sit inside these systems for weeks or months, building an understanding of the internal network map, and then grabbing all the goodies in one horrible action — as was the case in the Sony hack.
We've been hearing for years that the cloud is the less safe alternative, but if we've learned anything from each passing attack, it's that on-prem is the unsafe option. There is a false notion that if you are in control of your systems, it somehow makes you safer. What these hacks consistently show is that it's the opposite.
Who you gonna call?
On-prem hacks have produced everything from the release of embarrassing emails to finger print information of everyone working for the federal government to credit card information to movie scripts -- and on, and on.
It makes even less sense to me for a campaign, which is by its nature a short-term operation, running on the power of donations to be managing its own servers and software. They can set up operations in the cloud, using SaaS software far more cost-effectively, and they will very likely be far better off than they were trying to run it themselves (as we've seen).
Certainly small businesses should be looking at the cloud because it allows the business to concentrate on what's important, rather than keeping a data center up and running. The same can be said for a campaign. Candidates need to concentrate on winning their races, and putting as many resources as they can into that effort.
I'm not sure how many times we have to learn this lesson before it sinks in, but it seems pretty clear by now. Cloud companies have way more resources to bring to bear on security than most private sector businesses and certainly more than a campaign operation.
Move to the cloud for goodness' sake. It's only common sense, regardless of your party or political affiliation.