by nasalgoat
2254 days ago
I worked at a place that had virtually zero internal systems, including version control, and relied heavily on GitHub in particular for things like access control, beyond just source control. One of their remote devs had his GitHub account hacked (pre-2FA) and then had access to Slack as well, and the hacker managed to socially engineer his way into a number of sensitive areas and increased access, to the point the company had all their code taken and a number of high GPU Amazon instances started to generate crypto coins to the tune of a $35,000 EC2 bill. I'm from the old school and have never trusted third-party services for anything critical to the company. I'll admit a bit of internal gloating after that incident.

While I am of a similar old school to you (I run my own mail server, web server, Nextcloud, used to do ejabberd too...), I think it's more cost-effective for smaller companies not to do it themselves, as long as they keep their own backups.
The difference is that when they self-host, they are more vulnerable to targeted attacks (on average, for similar dollar investment), but if they host with SaaS providers, it's opportunistic attacks they should worry about more.