If you send your data to the cloud today you might be sure of a big surprise: it could vanish. SwissDisk users know this and T-Mobile Sidekick users know that Microsoft is quite capable of losing their data, too. Stephen Foskett is Director of Consulting at cloud storage provider Nirvanix. He writes: Subpar offerings from flaky …
Two words: Fuck off.
"Five final words: "Buyer beware" and "Trust, but verify"."
The mind boggles ... I need to beware of my purchase, and trust a third party, but I have to verify that they are capable of protecting my data?
I think I can ignore the third party, and verify that I can protect my own data myself.
So-called "clouds" are for clueless chumps.
Back-up as much as you can
Interesting article. Quite agree. I have a mental picture of some seedy, back-street set-up with racks of ancient computers holding loads of un-encrypted data, just right for the hacking, thereof! I have an inbuilt grave mistrust of cloud computing anyway, even more so after seeing recent articles about quite high-profile outfits "misplacing" data. I would rather have my data under my own control, thanks very much, to the extent that I back-up to no less than three external hard drives and a laptop! Belt and braces (or suspenders - to our friends across the pond!)
Well put sirrah!
But to be fair it can be condensed into:
1 - you will get what you pay for
2 - security risks abound
But, and to be fair again, these also exist at present.
For (1) what will an organisation be prepared to pay for its necessary IT staff? Top dollar? Unskilled minimalist overreaching into catastrophe?
And, as a consequence of above statement, we have satisfied (2). While most organisations have an IT policy, a data policy, an ICT policy, a web use policy, an email use policy ... how many actually implement them and ensure policy is upheld?
So you see, I posit that exactly the same risks exist whether services are provided inhouse OR by cloud.
Attempts to regulate inhouse usually mean a higher wage bill because more qualifications usually equate to higher income.
I am sure that attempts to regulate cloud will also impact on cost of services.
None the less, way to go dood!
For example, in the UK, could the academic network set up a cloud storage system to bypass local inhouse storage systems (per kindergarten, per school, per college, per university, ... ) and see what cost effectiveness it has potential to bring (note: UK publicly paid services tend not to consider cost effectiveness as keenly as private sector)
Sorry but since when does 'file server' with no/poor backup (swissdisk) qualify as a 'cloud' service? As I understand it a cloud (storage) service is inherently redundant, geographically distributed and resilient. Perhaps we should start by defining 'cloud' properly in the first place.
So no conclusion, then?
Trust but verify. I can live with that.
So at what point did banks become "trustworthy"? Come to think of it, I still don't know when my bank will fold, taking everything with it; I have no real indicators as everything is nicely obfuscated. Surveillance often is asleep at the wheel (BCCI, anyone?) and one may have to wait for criminal investigations or recession crunch time for some effective "rating". In the latter case, government steps in with a "bailout" but that's no solution either, it's just a licence for the bank to play pirate at taxpayer expense.
If your cloud crashes and burns, the gov will give you back your byte amount taken from /dev/urandom. Hmm...
Troll logo, because it's all hair-raising.
it doesn't discuss *reliable* communication with the cloud, nor the rather more subtle point of data corruption within the cloud. You'd hope to get out what you put in, but data does decay, bits just flip etc. but what is a tolerable corruption rate (when stored, never mind when transmitted)? Depends on user, so they need to be able to recognise that issue, specify error tolerance and pay extra for better. Probably lots extra because it means a lot more hardware/procedures/processing (of hashes etc)/mutually agreed verification systems plus of course the shedload of extra legal work this'll entail.
Cloud providers could convince insurance companies that they are a good bet/pay them reasonable premiums and offer their clients (the cloud consumers) compensation if and when things go wrong. To keep things simple, the compensation can be for a given amount instead of being unlimited and related to consequential losses.
You have gotta be ******* kidding me.
"Andy Burton, chief executive at web-hosting company Fasthosts, and FAST IiS’s chairman of the CIF Group, said:"
Excuse me, but anybody even remotely related to Fasthosts, let alone the guy who runs it, has no right to have anything whatsoever to do with anything regulatory, with regards to any type of hosting be it cloud or otherwise period!
What's the tag line? 'Welcome to Inter Web it's regulated by lemmings.'
Cloud computing, who's watching your back?
Cloud computing is all the rage this year, with Amazon’s Elastic Compute Cloud (EC2) and Simple Storage Service (S3), Agathon Group, ElasticHosts, and dozens of other providers available to you. Amazon S3 was down for nearly 8 hours on July 20, 2008, Gmail has suffered multiple outages of up to 2 1/2 hours affecting more than 113 million users, Ma.gnolia bookmarking service suffered a database failure, and Carbonite lost data belonging to 7,500 customers. Would an outage of any length affect your company? Do you have a business continuity plan should your hosted applications or data go offline, become corrupted, or destroyed?
Before you can develop a plan to respond to cloud computing issues, you need to understand what those issues are (risk analysis) and how they affect you (business impact analysis). Do you need to think about geographic dispersal of your application? Have you investigated trans-border data issues (Especially important if you serve customers in Europe)? So what questions should you be asking your cloud provider before you migrate your applications to their infrastructure? Here is my start on a checklist:
- What is the hosting provider’s overall uptime guarantee for a specific software instance (not the overall environment uptime)?
- Do you have a choice of data center(s) where your application will run?
- Will your application run on high availability (HA) systems?
- What is their disaster recovery plan, including response to a pandemic?
- How is the environment monitored for OS / DB / application failures and how are you notified?
- Who is responsible for bringing a crashed environment / application back online?
- Does the provider back up your data or is that left to the customer?
- How many generations of backup are maintained in case you need to recover from a data corruption issue?
- What is your RPO (recovery point objective) guarantee?
- Are backups protected from theft and damage?
- Are backups encrypted?
- How are the encryption keys rotated and managed?
- Are backups stored off-site?
- How is backup data secured from loss or theft?
- How does the service provider know who at your company is authorized to contact them by snail mail, email, or telephone and how do they authenticate the contact before making changes or releasing information?
Ron LaPedis, MBCP, MBCI, CISSP-ISSAP, ISSMP
when, not if...
"can afford to lose it or spread it across more than one provider"
Perhaps that ought to be changed to duplicate it across more than one provider. If your business depends upon data spread across more than one supplier, you are vulnerable to failures in any of them.
There's a direct, and appropriate, analogy with RAID groups here. Spreading your data across more than one supplier is the equivalent of RAID-0, mirroring it over more than one is like a RAID-1 setup.
However, all this may be pointless - if some critical company in your supply chain fails due to a cloud storage problem, then you are going to suffer too. With many companies reliant on such organisations there is a real danger of what in engineering is called a common-mode failure. (Arguably the banking sector fell foul of something similar - or at least a systemic failure).
Of course costs will win out in the short term and the disaster will happen - it's not if, it's when...
A tenuous link to UK banks and finance sector appears above and I thought I might be able to get away with adding:
* Now that EU has decided the UK finance organisations in receipt of mega-UK funding need to be broken up is it not a natural consequence that all board members (directors and otherwise) of said organisations should be struck off the register and banned from being directors for some minimal period (life seems reasonable to me). *
The world is getting smaller and it is true that internationally available information on a 24/7/52 basis will resonate with organisations that tend to have a worldwide catchment area anyway.
So it will appeal primarily to the bigger organisations then probably cascade to smaller ones?
In either case I think cloud is a glimpse of tomorrow's technology for sure
Cloud Storage means everything to everyone
Given the wide variety of definitions for the term, the intersecting justification for the technology can easily be made to be zero. Here are the propagating definitions:
1) Cloud = any web service where a user's data is retained (incl Facebook, Goog docs, etc)
2) Cloud = storage in a utility-based pricing model ($/GB/month)
3) Cloud = a storage technology with 'cloud' attributes; scalable, self healing, low cost, extra failure resilient, either implemented within an enterprise or over the Internet.
The last definition is the key one...Whether the storage platform is internally hosted or externally hosted, the customer requires technical due diligence and transparency. If they don't get it, they'll choose to walk away! Thus storage vendors (including SSPs) will learn that transparency and SLAs are a key requirement to maintain market share.
Everything regarding a) where it is hosted, and b) how you are charged for it are simply details of implementation, and a function of the providers' business models.