Is the cloud still safe? How to survive a cloud computing disaster.

Is the cloud still safe? How to survive a cloud computing disaster.

Summary: The news isn't just limited to Sony and it's not just about hacking attacks. There have been cloud failures at Amazon, Google, Microsoft, and more.

SHARE:

Image courtesy of Flickr user inottawa.

The news just keeps getting worse and worse for Sony. Now, it's Sony Music and Sony Erickson that's being hacked. This after weeks of PlayStation Network downtime and an expansion of bad news into Sony Online (well, offline these days) Entertainment.

See also: More Sony bad news: Sony Online also compromised (this goes beyond the PlayStation Network)

The news isn't just limited to Sony and it's not just about hacking attacks. There have been cloud failures at Amazon, Google, Microsoft, and more.

The Top 5 Tips to Survive a Cloud Computing Disaster

This Friday May 27, I'll be hosting a free, live webcast for CBS Interactive discussing whether the cloud is still safe. I'll be joined by top ZDNet and TechRepublic experts and we'll dive deep into the recent problems of cloud computing, and whether it's still safe to entrust your data to the cloud.

It's at 1:00 PM ET (that's 10:00 AM PT and 5:00 PM GMT). I hope you'll join us, bring questions, and be prepared to help us come to workable, actionable conclusions.

Register at: The Top 5 Tips to Survive a Cloud Computing Disaster

Let's run down the recent list of cloud failures. Then, we'll ask and try to answer the question of whether the cloud is still safe.

Amazon Web Services

AWS was down for about a week. The failure also took down some Web services like Quara, FourSquare, and Reddit that were dependent on Amazon, providing the valuable lesson that if you're going to use a backup cloud provider, make sure it's not using the same service provider you are.

See also: 7 important survival tips Amazon's orphaned 0.07 percent can teach us

PlayStation Network (and all the other Sony woes)

Sony has been the target of one or more sustained attacks by outside actors. It seems that once the company solidifies security on one front, another perimeter is breached and the company once again gets attacked.

A lot of old-time IT professionals have little pity for Sony ever since the rootkit fiasco (see this story from 2005's ZDNet). Even so, the company's just had to weather quite literal storms in terms of the terrible tsunamis and earthquakes in Japan, and so these virtual cloud problems are just making things worse.

Many Sony customers are considering jumping from PlayStation to other platforms, and with E3 coming up in just a few short weeks, it'll be interesting to see how Sony presents these problems to the public -- and whether they've managed to batten down the hatches to any extent.

See also: More Sony bad news: Sony Online also compromised (this goes beyond the PlayStation Network)

Epsilon

Epsilon Data Management found that it hadn't managed it's data all that well. Consumers will wind up paying the price. Epsilon provides mailing services for major consumer companies. A breach of its systems resulted in a loss of more than 60 million email addresses from more than 50 companies you used to, but should no longer, fully trust.

We expect millions of consumers to get very targeted phishing emails, which means, pretty much, that you should never trust any email you get, ever, ever again.

See also: Epsilon data breach: What's the value of an email address?

LastPass

When password management company LastPass thought it might have had a breach, it quite properly shut everything down and began an internal investigation. The problem was that the company didn't use best practices, and was completely unprepared for all its customers trying to change their passwords -- all at the same time.

Millions were shut out of not only LastPass, but also all their other password-based online services, including their email accounts.

See also: We interview LastPass CEO: the human price and the real truth

Blogger

When free blogging service Blogger.com (part of Google) performed some regular maintenance recently, something went wrong. The result was about 30 hours of blog posts were lost.

See also: Google's Blogger outage makes the case against a cloud-only strategy

Android

You might love your Android handset, but it might not love you back. A rather extensive security hole was found in the service, opening the door to all sorts of disturbing penetration possibilities. Google's hard at work fixing the bug, but it's still scary.

See also: Android has a gaping network security hole

Next: Dropbox and more »

« Previous: Sony, Google, and Microsoft failures

Dropbox

Finally, we visit our friends at Dropbox. Dropbox is a Web file system solution and if you have an iPhone and want to use it for anything useful at all, you're probably using Dropbox to supplement the iPhone's internal file system.

Recently the company changed its terms of service, substantially changing their wording for how they manage encryption. Even after I wrote my article below, we've been learning more and more about how the company manages encryption. Short form: it's adequate for most uses, but if you're hiding something, don't count on it staying hidden from the authorities.

See also: If you have something to hide from the government, don't use Dropbox

Friday's webcast

Before you go, here's all you need to know to register for Friday's webcast.

As more and more businesses of all types and sizes continue moving to the cloud for a wide range of IT solutions, the risks from a failure at any of the many cloud computing providers becomes even more important to business and IT professionals.

In fact, a series of recent cloud computing failures demonstrate just how damaging they can be when it comes to the potentially permanent loss of information. Of course, there are also a great number of preventative steps that any organization can take to minimize the impact by simply knowing what to expect when confronted by the unexpected.

Attendees will sign on to this live and interactive ZDNet webcast to learn:

  • A better understanding of the rising risks posed by an ever-increasing number of cloud computing solutions and providers.
  • Top strategies and tactics to prevent, manage and survive an unexpected failure or loss of cloud computing resources.
  • The most promising technologies and solutions to ensure the most reliable and robust protection for cloud-based information and services.

Cloud computing is one of the most important IT innovations ever, but that doesn't mean it isn't without its problems. Join me at this live webcast where I'll be joined by a distinguished panel of international experts, as we uncover The Top 5 Tips to Survive a Cloud Computing Disaster.

Register at: The Top 5 Tips to Survive a Cloud Computing Disaster

List any questions you might have below, and don't forget to attend.

Topics: Virtualization, Cloud, Hardware, Servers

About

David Gewirtz, Distinguished Lecturer at CBS Interactive, is an author, U.S. policy advisor, and computer scientist. He is featured in the History Channel special The President's Book of Secrets and is a member of the National Press Club.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

24 comments
Log in or register to join the discussion
  • Still safe? The cloud has NEVER been safe!

    We have been raising security concerns about the cloud since the days when it was simply called network computing. The off-site storage of critical information by third parties and the subsequent aggregation of individual targets into a single entity provides an enticing target for crackers who seek to benefit from their criminal misdeeds.

    While someone would not likely mount an attack against a hundred small targets, it is irresistible to them when those hundred can all be hit with a single attack. The cloud enables this.

    That's not even going into the productivity loss resulting from down-time on our so-so network infrastructure here in the USA, the issues of data ownership, the issues of privacy when data from one jurisdiction and is stored in another, and the endless list goes on...

    Safe? It isn't and never has been.

    Regards,
    Jon
    JonathonDoe
    • RE: Is the cloud still safe? How to survive a cloud computing disaster.

      @JonathonDoe

      Agree 100%.
      NoAxToGrind
    • RE: Is the cloud still safe? How to survive a cloud computing disaster.

      @JonathonDoe

      +1
      Tommy S.
    • No, it is not safe - thanks to one one simple principle ...

      @JonathonDoe ... guaranteed anonymity.

      The Internet was developed to be free and open. Originally, it was open to military users - all of whom were already in positions of trust. When the Internet was opened to universities, the principles of "academic freedom" kept it open, but it was still relatively secure.

      Today, anyone, from any place on Earth can have free and open access to the Internet - and they may do so without leaving any personally identifying information behind.

      It truly is like the American Wild West of the Nineteenth Century. Sure there were laws to protect citizens but that made a difference only if the sheriff could find the bad guys.

      Today, the bad guys could live across the street or 10,000 miles away.

      A bank robber leaves evidence behind - finger prints, DNA, witnesses, images from security cameras, and on occassion a body or two.

      A hacker leaves a trail that disappears very fast indeed and, even if the trail is picked up in time, it is costly to trace and often leads to a dead end in some part of the world where law enforcement is weak and slow to respond.

      As long as there are deceptive and dishonest people in the world, and the chances of getting caught are exceedingly low, the risks will remain high.

      Caveat Emptor.
      M Wagner
    • You Can Say That Again!

      @JonathonDoe ... It isn't and never has been. But now there's a LOT more attention paid to it since the making up of the misnomer "cloud" and putting their contents in the forefront of every hacker's mind.
      It's all been obvious to anyone from the very beginning that this was a likely outcome and that the further descriptions by lazy and ignorant entrepreneurs with no knowledge of security began their big marketing campaigns so as to notify everyone on earth in case they weren't aware yet.
      If all goes back to the old saw: If you don't want something compromised, DON'T put it on the 'net! There is no such thing as perfect security and never will be.
      tom@...
    • RE: Is the cloud still safe? How to survive a cloud computing disaster.

      @JonathonDoe

      What he said
      tonymcs@...
  • RE: Is the cloud still safe? How to survive a cloud computing disaster.

    What a bunch of idiots, Clouds are for making Rain.

    Get over it !!!
    X41
    • RE: Is the cloud still safe? How to survive a cloud computing disaster.

      @X41

      Well, actually, it kinda did make "rain" since people were crying when they couldn't access their apps/data/etc...

      Hate to see what a hurricane looks like. :)
      mibjr
  • I agree with Jon - Was never safe; all about revenue streams

    The "cloud" is all about tying business to a subscription model to generate revenue. It is rarely, if ever, about creating a more efficient computing model.

    And where is "safe" anyway? Japan? The top of mount Everest? You might as well run the servers yourself.

    And that doesn't even count the cloud providers that fold up and go home.... Cisco's online Flip storage is the most recent example.
    croberts
  • RE: Is the cloud still safe? How to survive a cloud computing disaster.

    I've said it countless times... The cloud is not safe and unless we live in global dictatorship where everyone is watched step by step this will never change and if they had a global dictatorship there would be global revolt.

    There is no system on the planet that is bullet proof with the exception of those not connected to the internet. Encryption helps but with evolution of real computers not this Chromebook garbage which is only dumbing down tech and slowing progress real computers will have more power to defeat encryption and I'm sure hackers are hard at work on strong encryption. Simple tools such as John The Ripper which have existed for eons decrypt rather quick and easy.

    The in my opinion the ideal would be to have all your personal data and storage local as well backed on the web if desired but also you must be willing to take the risks involved. I keep my data private as it makes me one of billions on the web and the chances I'm singled out is slimmer then if I had all my stuff in the cloud with a billion others and make it a one stop shop data surplus.

    Let me ask you this, would you keep all your eggs in one basket in your house or out on the street in traffic? Storage is so cheap these days you could have 10 HDD backups which are offline and away from people looking to "all your base are belong to us". I've always said, the cloud is a great addition but not a solution. Where is the innovation with the cloud? Where are the hardware leaps we look for in computers when we get a standard POS to float through bat weather with? Where is the versatility? What happens on a rainy day and you wanted to play some games? Web browsers are plenty fast these days with greater capabilities to do things online with GPU acceleration but it is only as good as the hardware you're running. Crapbook from Scroogle I'm sure doesn't have a ATI 6870 or nVidia 580 GTX. How do you expect to play things like COD or Crysis online streamed? This brings up another point... With just how far behind our conduit and infrastructure is in this "great" nation our half assed network infrastructure can hardly handle what wimpy crap we throw at it now. We need better network throughput nation wide and more powerful computers (stationary, portable and ultra portable) that are powerful yet power efficient. Look for depth in computing not just convenience. Where will all the innovation go? Google already looks like computing from the early and mid 90s, should we all say f-it and just go back to DOS? I say push ahead and make a more in depth virtual environment both shared online and off. Don't put your precious data and personal info on the web for people to steal. You don't see me hitting up SF hooking up with dirty woman and not using protection, be smart, play it safe and still enjoy yourself.
    audidiablo
  • Hybrid multi-cloud

    With the recent outages at various cloud providers, the need to have a cross-provider approach is becoming more and more obvious.

    Of course, this isn't something that's specific to the cloud - if you're reliant on one provider for anything, there's always a risk that one provider will go down.

    I work for a company that's working on some cool new technology that lets you split a web hosting cluster over many data centres at many different providers (both real physical servers, and cloud server instances). Data is replicated between servers in the cluster, such that any server, or an entire data centre or provider can go off-line, and the rest of the cluster will detect the outage and restore service from a live replicated backup no more than 30 seconds old.

    In other words, what we're doing solves a lot of the problems associated with cloud hosting.

    Another problem you get with the cloud is that most cloud servers are virtualized - the elephant in the room is that virtualization tends to be pretty slow. Our experience performance testing shows that real physical servers still perform orders of magnitude faster than virtualized cloud server instances. Our software works with both, meaning you can offer cloud web hosting (with all the reliability and redudancy guarantees that implies), without utilizing virtualization, and thus make full usage of computing resource without the overhead.

    If you're interested in what we do, check us out - google for Hybrid Cluster.
    kieran@...
    • RE: Is the cloud still safe? How to survive a cloud computing disaster.

      @kieran@... That's not new either and in the end turns out to be simply more sources to steal the data from. ANY machine that EVER connects to the 'net in ANY WAY is subject to being compromised!
      The fact that I never lose access to any of my data isn't the big thing here: It's making damned sure NO ONE else get it! Colocatiion, done wrong, only makes it easier for the criminal minds.
      Think about it. A theft could go unreported for a long, long time. A theft does NOT mean the data has gone missing!
      tom@...
  • And you wonder why business does not trust the cloud

    If you are an end-user, loss of cloud access is mostly an inconvenience - one which will likely send you to another vendor in short order. Even the hassles of having to watch out for identity theft is minor compared to what a business has to cope with. If you are a business, lost of access to your cloud based data costs you customers, costs you orders, and - in the event of a security breach - costs your customers' trust in you.
    M Wagner
  • The Island of Misfit Articles (and Authors ... and Editors)

    The author knew full well when he keyed "Is the cloud still safe" that this would generate reader response. And that's all he really cared about, and we all know it. And he knows it.

    Hyperbole is a "journalists" best friend, because it generates reaction, which is what advertisers look for, because for them, all publicity is good publicity. NONE of which has anything to do with what the author actually wants to talk about, which is "how to safely optimize use of the cloud as one of many storage approaches". But the author is taught by his editor (and his own experience of other editors) that an article entitled "How to Optimize Cloud Usage as One Part of Your Storage Strategy" simply wouldn't generate the barrage of responses they're looking for. So, as we all know, we entitle the article in a way that's bound to tweak the sensibilities of the thoughtful readership, and the rest is history.
    unconditionalliving@...
  • Is THE CLOUD SAFE? Has it ever been?

    Uhm................... NO!
    notme403@...
    • RE: Is the cloud still safe? How to survive a cloud computing disaster.

      @notme403@...
      Umm, YES. Think some more about it; avoid the knee jerks.
      tom@...
  • RE: Is the cloud still safe? How to survive a cloud computing disaster.

    Cloud. Look, the cloud is nothing more than someone else controlling your data... People you don't know managing servers in places that you don't know about.

    So, you have an agreement in writing that the inexpensive and convenient plethora of services that you are using will be up 99.99% of the time. If they don't have service for a couple of days, or weeks in Sony's case, the agreement means NOTHING. It is just a panacea that you may use in litigation, but in real operational terms it is worthless. So, they get hacked and you and your employees identities are now being used by Russian mafia... Too friggin bad. Yeah, it was inexpensive AND convenient.
    notme403@...
  • RE: Is the cloud still safe? How to survive a cloud computing disaster.

    NO NO NO NO NO NO NO NO IT IS NOT SAFE AT ALL
    I HAVE BEEN TOLD AND READ HACKERS ARE GOING TO LOVE IT MICROSOFT IS SO UNSAFE IT IS SCARY ...........
    ttx19
  • RE: Is the cloud still safe? How to survive a cloud computing disaster.

    Is the cloud safe? LMAO

    It's bad enough that companies can't create a hack free product at all...now we suddenly trust them to host everything? LOL It's Skynet in the making! Even with a warning from Hollywood in 80's won't stop a cocky developer!
    Rob.sharp
  • In defense of LastPass . . . and thoughts about the "cloud"

    "The problem was that the company didn?t use best practices"

    Actually, they were, AFAIK.

    "and was completely unprepared for all its customers trying to change their passwords ? all at the same time."

    Very, very few cloud based services can handle that, to be honest. They *do* tend to rely on the idea that not everybody's using the service simultaneously.

    "Before you go, here?s all you need to know to register for Friday?s webcast."

    No thanks, I consider ZDNet to be entertainment more than anything. Very few people here really seem to be credible experts. They go out of their way to defend their favorite tech rather than admit that nothing's perfect and admit flaws in their favorite tech.

    The "cloud" is not perfect - like everything else, it has its flaws. Until other ZDNet authors start admitting that, I consider ZDNet to be entertainment, not a credible tech site.

    "In fact, a series of recent cloud computing failures demonstrate just how damaging they can be when it comes to the potentially permanent loss of information."

    That's the inherit problem with "cloud" (can we please stop using that term someday?) computing. It's everybody's eggs in one basket.

    The security of a web service may be theoretically strong - but when it fails, it fails very catastrophically.

    Theory simply does not match reality when it comes to the security of "cloud" services. I am not convinced they are as secure as they claim.
    CobraA1