> What kind of hosting company is going to have any kind of reputation after admitting their security allowed an ex-admin to ransack everything?
The kind of people that:
- Use Gmail, iCloud, etc. post Snowden
- Buys SSL certificates from Comodo, etc.
- [put other companies here]
So, pretty much everybody, me included. Your idea that mis-management can damage a company's reputation permanently, has been proved wrong. The complexity of moving an infrastructure in and out of a service provider is apparently bigger, os as you say, we're all stupid - we manage to survive somehow though.
>>admitting their security allowed an ex-admin to ransack everything
What, exactly can be done to secure a company against a malicious systems admin? These are the guys typically with not only the keys to everything but also the knowledge of how it all works.
You say that the company cannot be trusted for "allowing" this to happen.
I know quite alot about this stuff, and for MOST companies, they simply have to trust that the people with the keys to the castle with behave responsibly.
There are ways to design infrastructure such that it is protected from its builders and keepers, but this is very very hard and complex and expensive.
Presumably you work for a company that has taken steps to ensure this will never happen, what are they?
You should be trivially able to secure your company against an ex admin, though -- why was this ex-admin's credentials not revoked immediately after their employment ended?
At my one and only sysadmin job, the network was secured from likes of this guy by the senior engineer, a Vietnam vet with trust issues and whose talents weren't only technical.
Nothing says "web of trust" like knowing your boss could show up at your door with a shotgun demanding answers.
> why was this ex-admin's credentials not revoked immediately after their employment ended?
Maybe they were but he'd set up time bombs.
Maybe the admin was fed up, knew he wanted to burn things down, wiped everything remotely and then never turned up for work and he became an ex employee in the aftermath.
It's decidedly not trivial to secure your company against a malicious admin who has control of much of your infrastructure.
There's nothing trivial about that unless the organization is tiny with the most boring and controlled IT ever. There's lots of little cracks for admins to slip in. That's not to mention physical devices with remote, wireless access planted in the building somewhere. Or even in keyboards of important people.
At best, these companies will be keeping out the riff raff. Fortunately, that will stop majority of attacks since most admins aren't geniuses or spending personal money on attack toolkits with 0-days.
If they leave the company, their access might be left running for a while in case they're asked to come back on and fix something during that post handover period.
Or maybe they had backups running under their account and when their account was disabled everything failed so they re-enabled it while they sorted out the mess...
Or they had multiple accounts as part of "security" and HR only knows to disable one and didn't find the other one in time.
There's a whole bunch of reasons why shit like this goes wrong. Every time. You'd cry.
Who's saying they weren't? I'm sure that administrator would have been able to plant subtle backdoors, or find and not fix vulnerabilities and misconfigurations, during their time there. In which case it wouldn't matter that their credentials were revoked.
Honest question: Are Ansible + peer reviews enough to secure sysadmin work? Of course they can log on the machine to open a backdoor, but they are supposed to be regularly destroyed and rebuilt regularly, so we're theoretically safe, aren't we?
Either way, their reputation would be trashed. Intel knew about potential issues in their products for many, many years. I'd shed no tears if lots of people do this to them now.
Rephrase the question -- what idiot customer is going to do business with such a place that allows such a lapse in security to happen?
Intel would basically have to buy the company.