Alex de Joode, security officer of global hosting provider LeaseWeb, discusses why it is vital that law enforcement agencies and hosting companies should cooperate, and why trust is critical to the relationship
Do the police have the expertise to locate a ‘wanted’ server in a data centre, and once located, are they able to take down servers causing minimal disruption and damage, without the help of a host? The answer in most cases is ‘no’.
Just a few months back, it was widely reported that the FBI took down servers from a hosting data facility in the US, which caused a number of websites of innocent companies to disappear. Operations had to be transferred to other locations, or worse, sites weren’t accessible for an extended period of time. As the host in question wasn’t aware of the FBI taking action, customers of the hosting company weren’t immediately notified and the issue resulted in disruption and downtime for a lot of innocent people. A lack of communication and a clear divide between the authorities and the host was evident in this example.
With cyber-attacks becoming increasingly common on a global scale, safety and internet security are at the top of the hosting agenda. Bearing this in mind, hosts need to be aware of the legal and judicial powers the authorities hold in order to enforce compliance with their requirements. Similarly, authorities need to be mindful of technical, legal and regulatory issues, not to mention differences in international law if they are to comply. It is therefore in the interests of both hosting providers and their customers to communicate with the authorities on an ongoing basis, so all parties involved can collaborate more efficiently.
So what can businesses do to really build and maintain relationships with the authorities to ultimately ensure uninterrupted uptime for their customers?
The first key factor is a willingness to cooperate. If hosting providers really want to help tackle cyber-crime, for their own business as well as for their customers, they need to be open and responsive to law enforcement agencies. However, both parties need to understand that it is the law that sets the boundaries within which they cooperate. By simply communicating with law enforcement agencies before any action takes place, hosts can take the appropriate action to minimise disruption and downtime for customers, as well as helping protect their privacy and property.
The second factor that deters the risk of problems occurring is the presence of a dedicated security department within the hosting provider. Having an experienced and qualified team of staff who are capable of dealing with complex security issues has a positive effect on many processes within the company. By devoting a section of the business to specifically deal with upcoming security issues and threats, companies can ensure serious situations are handled correctly. In addition, having a knowledgeable team that thrive under pressure and are trained in the field, hosts will have the resources to be able to tackle these problems quickly, especially if the authorities do make contact and need to intervene. A dedicated security office will speed up the process, minimising the risk of an issue spreading whilst also making the best use of both the host’s and authorities’ time.
The single most important factor to making the relationship work is trust. This is something that has to be built up over time between the hosting provider and the law enforcement agency, so that both parties see value in the relationship. Maintaining strong relationships through regular dialogue is imperative to the trust factor. This is mutually beneficial for both parties as together they can agree on a legitimate process that is effective for the police but, at the same time, does not interrupt the hosts’ ongoing business.
Hosting providers should also show evidence that they are on the cutting edge, by keeping themselves up to date and educated about potential issues by attending security conferences and monitoring hacking forums. By thinking more creatively and monitoring forums like these, hosts can intelligently keep abreast of hackers’ intentions and be more aware of criminal developments in cyberspace. This allows for both hosts and the authorities to act quickly, meaning the hosts aren’t wasting valuable time.
LeaseWeb has strong relationships with the Dutch authorities. This means problems are dealt with fast, mainly because as soon as an issue arises LeaseWeb notifies its customers. By providing them with this intelligence, customers are kept in the loop and the authorities only need to be alerted if the problem escalates.
Building relationships with the authorities is something all hosting providers should be actively thinking about, if not already pursuing. With the correct protocols and operating procedures in place, hosting companies can foresee and potentially avoid serious issues.