Danger in the Cloud?

October 13, 2009 at 9:37 am | Posted in Systems Management | Leave a comment
Tags: , , , , , ,

10 years ago, I was interviewed for a position within the newly formed eTrust security practice at Computer Associates (now CA).  The Consulting Director who interviewed me asked how much I knew about the eTrust product set.  I reeled off the list of products (I know how to research!) and explained which of them I had firsthand experience with.  I concluded by saying “Oh, and we use Arcserve for all our backups.”  The consulting director pointed out that Arcserve (CA had recently acquired Cheyenne) is a storage product, not a security product.  My response “It is where I come from!”  I got the job anyway.  

The point of this anecdote is that security is based on that well-known triad Confidentiality-Integrity-Availability.  In fact, Dorothy Denning makes a compelling argument for expressing both confidentiality and integrity in terms of availability.  So, of course backup and recovery – the first line of defence for availability – are part of security.

Backups matter!More recently, as I was setting up Identigrate UK, my desktop PC suffered a catastrophic failure.  Things rapidly deteriorated until I couldn’t even start the machine in SAFE mode.  However, as a long-time paranoid security specialist (even paranoids have real enemies, right?) I had set up regular backups to an external eSATA drive (stored in a fire and water proof safe).  I had also set up to backup critical documents (business plan, budget spreadsheets …) as they changed, using BT’s Digital Vault service.   Finally, the PC manufacturer had had the good sense to configure a recovery disk, based on the excellent Norton Ghost.  So, after half a day of hard work, my PC was restored, all applications re-installed and virtually all data recovered.  It reminded me of a (somewhat cynical) definition of backup as “something you start doing immediately after your first hard disk failure”.

On 10 October, after a week of escalating outages, T-Mobile was forced to announce to it’s Sidekick users that their data had been lost and that recovery was extremely unlikely.  For those that (like me) haven’t come across the Sidekick beforeTrain Wreck!, it’s a smart phone, manufactured by Danger Inc.  Microsoft acquired Danger Inc in February of this year.  The important thing is that the Sidekick doesn’t store data (contacts, calendars, to do lists, photos) locally, but rather stores it  “in the cloud” or more accurately on Danger’s servers.

It’s still not clear what actually happened, but there’s speculation about a bodged SAN upgrade.  However it happened, how can you possibly run any enterprise IT setup and not have fully functioning – and tested – backup and recovery processes?

Now, I use an iPhone, so could the same disaster befall me?  Well, no.  My iPhone stores most of its data locally on the device.  When I connect the iPhone to my PC, it makes a backup on the PC (which is then backed up to the external disk).  I do use cloud services with my iPhone – MobileNoter, Google Calendar and so forth – but these are just synchronising data between my iPhone and my desktop/laptop.  So, the cloud data is not the only copy.

I suppose the moral of this story is that people are carrying ever more sophisticated computing devices in their pocket and they’re using them in conjunction with ever more complex cloud services.  For many people,  this is all new and bewildering, but that’s going to change.  As Larry Dignan comments on his blog, “As we rely on the cloud more there will become a day when everyone will have some basic knowledge of IT management. Rest assured, Sidekick customers will know you’re supposed to back up your servers better. Gmail customers may learn a bit about scalability. And TD Bank customers certainly know that you can’t merge systems without a fallback plan if things go awry.”

Advertisements

Leave a Comment »

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.
Entries and comments feeds.

%d bloggers like this: