Is the cloud still safe? How to survive a cloud computing disaster.
Summary: The news isn't just limited to Sony and it's not just about hacking attacks. There have been cloud failures at Amazon, Google, Microsoft, and more.
Image courtesy of Flickr user inottawa.
The news just keeps getting worse and worse for Sony. Now, it's Sony Music and Sony Erickson that's being hacked. This after weeks of PlayStation Network downtime and an expansion of bad news into Sony Online (well, offline these days) Entertainment.
See also: More Sony bad news: Sony Online also compromised (this goes beyond the PlayStation Network)
The news isn't just limited to Sony and it's not just about hacking attacks. There have been cloud failures at Amazon, Google, Microsoft, and more.
The Top 5 Tips to Survive a Cloud Computing Disaster
This Friday May 27, I'll be hosting a free, live webcast for CBS Interactive discussing whether the cloud is still safe. I'll be joined by top ZDNet and TechRepublic experts and we'll dive deep into the recent problems of cloud computing, and whether it's still safe to entrust your data to the cloud.
It's at 1:00 PM ET (that's 10:00 AM PT and 5:00 PM GMT). I hope you'll join us, bring questions, and be prepared to help us come to workable, actionable conclusions.
Register at: The Top 5 Tips to Survive a Cloud Computing Disaster
Let's run down the recent list of cloud failures. Then, we'll ask and try to answer the question of whether the cloud is still safe.
Amazon Web Services
AWS was down for about a week. The failure also took down some Web services like Quara, FourSquare, and Reddit that were dependent on Amazon, providing the valuable lesson that if you're going to use a backup cloud provider, make sure it's not using the same service provider you are.
See also: 7 important survival tips Amazon's orphaned 0.07 percent can teach us
PlayStation Network (and all the other Sony woes)
Sony has been the target of one or more sustained attacks by outside actors. It seems that once the company solidifies security on one front, another perimeter is breached and the company once again gets attacked.
A lot of old-time IT professionals have little pity for Sony ever since the rootkit fiasco (see this story from 2005's ZDNet). Even so, the company's just had to weather quite literal storms in terms of the terrible tsunamis and earthquakes in Japan, and so these virtual cloud problems are just making things worse.
Many Sony customers are considering jumping from PlayStation to other platforms, and with E3 coming up in just a few short weeks, it'll be interesting to see how Sony presents these problems to the public -- and whether they've managed to batten down the hatches to any extent.
See also: More Sony bad news: Sony Online also compromised (this goes beyond the PlayStation Network)
Epsilon
Epsilon Data Management found that it hadn't managed it's data all that well. Consumers will wind up paying the price. Epsilon provides mailing services for major consumer companies. A breach of its systems resulted in a loss of more than 60 million email addresses from more than 50 companies you used to, but should no longer, fully trust.
We expect millions of consumers to get very targeted phishing emails, which means, pretty much, that you should never trust any email you get, ever, ever again.
See also: Epsilon data breach: What's the value of an email address?
LastPass
When password management company LastPass thought it might have had a breach, it quite properly shut everything down and began an internal investigation. The problem was that the company didn't use best practices, and was completely unprepared for all its customers trying to change their passwords -- all at the same time.
Millions were shut out of not only LastPass, but also all their other password-based online services, including their email accounts.
See also: We interview LastPass CEO: the human price and the real truth
Blogger
When free blogging service Blogger.com (part of Google) performed some regular maintenance recently, something went wrong. The result was about 30 hours of blog posts were lost.
See also: Google's Blogger outage makes the case against a cloud-only strategy
Android
You might love your Android handset, but it might not love you back. A rather extensive security hole was found in the service, opening the door to all sorts of disturbing penetration possibilities. Google's hard at work fixing the bug, but it's still scary.
See also: Android has a gaping network security hole
« Previous: Sony, Google, and Microsoft failures
Dropbox
Finally, we visit our friends at Dropbox. Dropbox is a Web file system solution and if you have an iPhone and want to use it for anything useful at all, you're probably using Dropbox to supplement the iPhone's internal file system.
Recently the company changed its terms of service, substantially changing their wording for how they manage encryption. Even after I wrote my article below, we've been learning more and more about how the company manages encryption. Short form: it's adequate for most uses, but if you're hiding something, don't count on it staying hidden from the authorities.
See also: If you have something to hide from the government, don't use Dropbox
Friday's webcast
Before you go, here's all you need to know to register for Friday's webcast.
As more and more businesses of all types and sizes continue moving to the cloud for a wide range of IT solutions, the risks from a failure at any of the many cloud computing providers becomes even more important to business and IT professionals.
In fact, a series of recent cloud computing failures demonstrate just how damaging they can be when it comes to the potentially permanent loss of information. Of course, there are also a great number of preventative steps that any organization can take to minimize the impact by simply knowing what to expect when confronted by the unexpected.
Attendees will sign on to this live and interactive ZDNet webcast to learn:
- A better understanding of the rising risks posed by an ever-increasing number of cloud computing solutions and providers.
- Top strategies and tactics to prevent, manage and survive an unexpected failure or loss of cloud computing resources.
- The most promising technologies and solutions to ensure the most reliable and robust protection for cloud-based information and services.
Cloud computing is one of the most important IT innovations ever, but that doesn't mean it isn't without its problems. Join me at this live webcast where I'll be joined by a distinguished panel of international experts, as we uncover The Top 5 Tips to Survive a Cloud Computing Disaster.
Register at: The Top 5 Tips to Survive a Cloud Computing Disaster
List any questions you might have below, and don't forget to attend.
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
Still safe? The cloud has NEVER been safe!
While someone would not likely mount an attack against a hundred small targets, it is irresistible to them when those hundred can all be hit with a single attack. The cloud enables this.
That's not even going into the productivity loss resulting from down-time on our so-so network infrastructure here in the USA, the issues of data ownership, the issues of privacy when data from one jurisdiction and is stored in another, and the endless list goes on...
Safe? It isn't and never has been.
Regards,
Jon
RE: Is the cloud still safe? How to survive a cloud computing disaster.
Agree 100%.
RE: Is the cloud still safe? How to survive a cloud computing disaster.
+1
No, it is not safe - thanks to one one simple principle ...
The Internet was developed to be free and open. Originally, it was open to military users - all of whom were already in positions of trust. When the Internet was opened to universities, the principles of "academic freedom" kept it open, but it was still relatively secure.
Today, anyone, from any place on Earth can have free and open access to the Internet - and they may do so without leaving any personally identifying information behind.
It truly is like the American Wild West of the Nineteenth Century. Sure there were laws to protect citizens but that made a difference only if the sheriff could find the bad guys.
Today, the bad guys could live across the street or 10,000 miles away.
A bank robber leaves evidence behind - finger prints, DNA, witnesses, images from security cameras, and on occassion a body or two.
A hacker leaves a trail that disappears very fast indeed and, even if the trail is picked up in time, it is costly to trace and often leads to a dead end in some part of the world where law enforcement is weak and slow to respond.
As long as there are deceptive and dishonest people in the world, and the chances of getting caught are exceedingly low, the risks will remain high.
Caveat Emptor.
You Can Say That Again!
It's all been obvious to anyone from the very beginning that this was a likely outcome and that the further descriptions by lazy and ignorant entrepreneurs with no knowledge of security began their big marketing campaigns so as to notify everyone on earth in case they weren't aware yet.
If all goes back to the old saw: If you don't want something compromised, DON'T put it on the 'net! There is no such thing as perfect security and never will be.
RE: Is the cloud still safe? How to survive a cloud computing disaster.
What he said
RE: Is the cloud still safe? How to survive a cloud computing disaster.
Get over it !!!
RE: Is the cloud still safe? How to survive a cloud computing disaster.
Well, actually, it kinda did make "rain" since people were crying when they couldn't access their apps/data/etc...
Hate to see what a hurricane looks like. :)
I agree with Jon - Was never safe; all about revenue streams
And where is "safe" anyway? Japan? The top of mount Everest? You might as well run the servers yourself.
And that doesn't even count the cloud providers that fold up and go home.... Cisco's online Flip storage is the most recent example.
RE: Is the cloud still safe? How to survive a cloud computing disaster.
There is no system on the planet that is bullet proof with the exception of those not connected to the internet. Encryption helps but with evolution of real computers not this Chromebook garbage which is only dumbing down tech and slowing progress real computers will have more power to defeat encryption and I'm sure hackers are hard at work on strong encryption. Simple tools such as John The Ripper which have existed for eons decrypt rather quick and easy.
The in my opinion the ideal would be to have all your personal data and storage local as well backed on the web if desired but also you must be willing to take the risks involved. I keep my data private as it makes me one of billions on the web and the chances I'm singled out is slimmer then if I had all my stuff in the cloud with a billion others and make it a one stop shop data surplus.
Let me ask you this, would you keep all your eggs in one basket in your house or out on the street in traffic? Storage is so cheap these days you could have 10 HDD backups which are offline and away from people looking to "all your base are belong to us". I've always said, the cloud is a great addition but not a solution. Where is the innovation with the cloud? Where are the hardware leaps we look for in computers when we get a standard POS to float through bat weather with? Where is the versatility? What happens on a rainy day and you wanted to play some games? Web browsers are plenty fast these days with greater capabilities to do things online with GPU acceleration but it is only as good as the hardware you're running. Crapbook from Scroogle I'm sure doesn't have a ATI 6870 or nVidia 580 GTX. How do you expect to play things like COD or Crysis online streamed? This brings up another point... With just how far behind our conduit and infrastructure is in this "great" nation our half assed network infrastructure can hardly handle what wimpy crap we throw at it now. We need better network throughput nation wide and more powerful computers (stationary, portable and ultra portable) that are powerful yet power efficient. Look for depth in computing not just convenience. Where will all the innovation go? Google already looks like computing from the early and mid 90s, should we all say f-it and just go back to DOS? I say push ahead and make a more in depth virtual environment both shared online and off. Don't put your precious data and personal info on the web for people to steal. You don't see me hitting up SF hooking up with dirty woman and not using protection, be smart, play it safe and still enjoy yourself.
Hybrid multi-cloud
Of course, this isn't something that's specific to the cloud - if you're reliant on one provider for anything, there's always a risk that one provider will go down.
I work for a company that's working on some cool new technology that lets you split a web hosting cluster over many data centres at many different providers (both real physical servers, and cloud server instances). Data is replicated between servers in the cluster, such that any server, or an entire data centre or provider can go off-line, and the rest of the cluster will detect the outage and restore service from a live replicated backup no more than 30 seconds old.
In other words, what we're doing solves a lot of the problems associated with cloud hosting.
Another problem you get with the cloud is that most cloud servers are virtualized - the elephant in the room is that virtualization tends to be pretty slow. Our experience performance testing shows that real physical servers still perform orders of magnitude faster than virtualized cloud server instances. Our software works with both, meaning you can offer cloud web hosting (with all the reliability and redudancy guarantees that implies), without utilizing virtualization, and thus make full usage of computing resource without the overhead.
If you're interested in what we do, check us out - google for Hybrid Cluster.
RE: Is the cloud still safe? How to survive a cloud computing disaster.
The fact that I never lose access to any of my data isn't the big thing here: It's making damned sure NO ONE else get it! Colocatiion, done wrong, only makes it easier for the criminal minds.
Think about it. A theft could go unreported for a long, long time. A theft does NOT mean the data has gone missing!
And you wonder why business does not trust the cloud
The Island of Misfit Articles (and Authors ... and Editors)
Hyperbole is a "journalists" best friend, because it generates reaction, which is what advertisers look for, because for them, all publicity is good publicity. NONE of which has anything to do with what the author actually wants to talk about, which is "how to safely optimize use of the cloud as one of many storage approaches". But the author is taught by his editor (and his own experience of other editors) that an article entitled "How to Optimize Cloud Usage as One Part of Your Storage Strategy" simply wouldn't generate the barrage of responses they're looking for. So, as we all know, we entitle the article in a way that's bound to tweak the sensibilities of the thoughtful readership, and the rest is history.
Is THE CLOUD SAFE? Has it ever been?
RE: Is the cloud still safe? How to survive a cloud computing disaster.
Umm, YES. Think some more about it; avoid the knee jerks.
RE: Is the cloud still safe? How to survive a cloud computing disaster.
So, you have an agreement in writing that the inexpensive and convenient plethora of services that you are using will be up 99.99% of the time. If they don't have service for a couple of days, or weeks in Sony's case, the agreement means NOTHING. It is just a panacea that you may use in litigation, but in real operational terms it is worthless. So, they get hacked and you and your employees identities are now being used by Russian mafia... Too friggin bad. Yeah, it was inexpensive AND convenient.
RE: Is the cloud still safe? How to survive a cloud computing disaster.
I HAVE BEEN TOLD AND READ HACKERS ARE GOING TO LOVE IT MICROSOFT IS SO UNSAFE IT IS SCARY ...........
RE: Is the cloud still safe? How to survive a cloud computing disaster.
It's bad enough that companies can't create a hack free product at all...now we suddenly trust them to host everything? LOL It's Skynet in the making! Even with a warning from Hollywood in 80's won't stop a cocky developer!
In defense of LastPass . . . and thoughts about the "cloud"
Actually, they were, AFAIK.
"and was completely unprepared for all its customers trying to change their passwords ? all at the same time."
Very, very few cloud based services can handle that, to be honest. They *do* tend to rely on the idea that not everybody's using the service simultaneously.
"Before you go, here?s all you need to know to register for Friday?s webcast."
No thanks, I consider ZDNet to be entertainment more than anything. Very few people here really seem to be credible experts. They go out of their way to defend their favorite tech rather than admit that nothing's perfect and admit flaws in their favorite tech.
The "cloud" is not perfect - like everything else, it has its flaws. Until other ZDNet authors start admitting that, I consider ZDNet to be entertainment, not a credible tech site.
"In fact, a series of recent cloud computing failures demonstrate just how damaging they can be when it comes to the potentially permanent loss of information."
That's the inherit problem with "cloud" (can we please stop using that term someday?) computing. It's everybody's eggs in one basket.
The security of a web service may be theoretically strong - but when it fails, it fails very catastrophically.
Theory simply does not match reality when it comes to the security of "cloud" services. I am not convinced they are as secure as they claim.