January 12, 2011 at 10:38 am
kminchau (1/12/2011)
I just want to point out that Microsoft has indeed posted the cause of the outage. It was not due to SQL Server, or load balancing, but due to an automated test script that accidentally deleted real user accounts instead of only deleting the test accounts that it created. More info on the Windows Live blog: --KM
oh. That makes me feel better :crazy:
...
-- FORTRAN manual for Xerox Computers --
January 12, 2011 at 11:29 am
Nothing said that this was totally a human error, that all the accounts/emails/folders were restored. Failures will happen whether you are in house or on the cloud. This information was released last week by Microsoft and reported online by PC Magazine.
January 12, 2011 at 11:52 am
The more I think about this, this actually is to me more reason or at least support to move to the cloud. The provider (MS) lost the data, it was reported then they restored it. What do you do when a user tells you their email account is gone? You probably go to your backups and restore them, with Hotmail it just happened to affect a large number of users. We have over 75,000 branded Hotmail accounts none of which were affected. Think about it this way, what if it were your in house email server and you wrote the faulty script, would you be able to restore all of the accounts and data? Would you want to have that problem?
January 12, 2011 at 12:24 pm
Redundancy is the only answer to this kind of thing that makes any kind of sense to me.
Avoiding "the cloud" because it's "less secure" assumes that your local servers/computers are completely secure. Most security issues are with authorized, authenticated users doing things that they ethically/morally/legally shouldn't, but that they have to be able to in order to do their jobs. E.g.: Pulling customer lists for marketing campaigns is their job, but they're pulling them to sell online. How does local vs cloud have any effect at all on this?
Keep your data in two places if it matters. Three if it's important. Four or more if it's critical. E.g.: RAID-10 is 2 places, backups to a local tape drive makes it 3, copying the backup to "the cloud" is now 4. The fourth could just as easily be an offshore data store or any of a variety of other solutions. And so on.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
January 12, 2011 at 1:14 pm
GSquared (1/12/2011)
...Keep your data in two places if it matters. Three if it's important. Four or more if it's critical. E.g.: RAID-10 is 2 places, backups to a local tape drive makes it 3, copying the backup to "the cloud" is now 4. The fourth could just as easily be an offshore data store or any of a variety of other solutions. And so on.
If you're just storing in the cloud, sure. But that's not what we're being sold. If your database processing is located in the cloud, how do you have multiple copies?
...
-- FORTRAN manual for Xerox Computers --
January 12, 2011 at 1:23 pm
jay holovacs (1/12/2011)
GSquared (1/12/2011)
...Keep your data in two places if it matters. Three if it's important. Four or more if it's critical. E.g.: RAID-10 is 2 places, backups to a local tape drive makes it 3, copying the backup to "the cloud" is now 4. The fourth could just as easily be an offshore data store or any of a variety of other solutions. And so on.
If you're just storing in the cloud, sure. But that's not what we're being sold. If your database processing is located in the cloud, how do you have multiple copies?
Check with the provider what level of data redundancy they provide.
If they can't/won't answer that, don't use their service.
It's like the lost backups issue with Carbonite (online file backup service). Turned out their whole service was being stored on a single gigantic RAID-0 array in one big server farm. It went bad, losing ALL backups for ALL customers. For most of their customers, this just meant their system had to load a fresh backup onto it once they got the service back up. For anyone whose system went down at the same time, it meant NO backups just when they needed them. Carbonite tried desperately to convince people that this was okay, that this came under the heading of "nobody could have done anything to prevent this", but didn't really do very good at that. But, last I checked, they're still in business.
Why didn't people know that their data was being stored in a very loss-likely set up? Because Carbonite's marketing materials didn't say so, and nobody thought to ask.
So, ask.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
January 12, 2011 at 1:28 pm
CriticalStatus (1/12/2011)
Hey Steve
Interesting thought. Made me think about how we would handle availability within our control. Another thought popped as I finished reading your article.
Can you replicate between different vendor clouds? :unsure:
I'm sure someone will allow this, but don't forget that this can get $$ and defeat some of the purpose of having a cloud. You pay for CPU, Disk, and network transfer, so replicating could get $$$.
January 12, 2011 at 1:30 pm
jay holovacs (1/12/2011)
GSquared (1/12/2011)
...Keep your data in two places if it matters. Three if it's important. Four or more if it's critical. E.g.: RAID-10 is 2 places, backups to a local tape drive makes it 3, copying the backup to "the cloud" is now 4. The fourth could just as easily be an offshore data store or any of a variety of other solutions. And so on.
If you're just storing in the cloud, sure. But that's not what we're being sold. If your database processing is located in the cloud, how do you have multiple copies?
You need a strong backup/redundancy solution. They will come, but whether they are cost effective is another matter.
January 12, 2011 at 2:19 pm
We had a perfect experience the other day that should cause some concern for those wanting the cloud. Verizon lost a core router in our area and thus we lost primary connectivity. Granted we were able to utilize our secondary data connection however it does cause some grief and troubles. So many worry about the cloud itself but there are other issues in distributed computing to keep in mind. Can you once every year or two handle a complete business halt when the fiber line gets cut or the ISP goes down?
January 12, 2011 at 2:29 pm
I'm afraid this misses the point: 'Avoiding "the cloud" because it's "less secure" assumes that your local servers/computers are completely secure.'
Security--unlike resiliency, redundancy and availability--decreases with additional access methods and paths. Depending on the method or path, it decreases not just dramatically but even exponentially. It is not just the storage itself but every device, every operating system, every program, every function, and every person involved with access or storage which add their own chance of irregular or unlawful distribution.
For redundancy, we seek to avoid convergence to the single point. Security is the opposite. Best security most often, perhaps always, lies along the single path. The more restrictive the path, the better.
This is the reason that vaults have only one door, themselves sit behind locked doors, and why they don't reside in the cloud.
January 12, 2011 at 4:58 pm
Robert Hermsen (1/12/2011)
We had a perfect experience the other day that should cause some concern for those wanting the cloud. Verizon lost a core router in our area and thus we lost primary connectivity. Granted we were able to utilize our secondary data connection however it does cause some grief and troubles. So many worry about the cloud itself but there are other issues in distributed computing to keep in mind. Can you once every year or two handle a complete business halt when the fiber line gets cut or the ISP goes down?
This was a huge argument against Salesforce years ago. They have had outages, and businesses have halted for hours, maybe days. They survived.
I have had substantial outages at work in companies of various sizes as well and they've survived.
January 12, 2011 at 4:59 pm
john.richter (1/12/2011)
I'm afraid this misses the point: 'Avoiding "the cloud" because it's "less secure" assumes that your local servers/computers are completely secure.'...
This is the reason that vaults have only one door, themselves sit behind locked doors, and why they don't reside in the cloud.
You are right and wrong here. Similar arguments were made against web servers being off-premises. Today tons of companies do this and it works.
Not saying the cloud works for everyone, but blankly saying that a cloud service is going to be less secure than something you run is not necessarily true.
January 12, 2011 at 7:50 pm
I have seen a number of clients who would be much better off if they used a cloud service simply because their local work practices and infrastructure are not all that good. In this case, the cloud services would be a better option.
Typically, our larger clients have better practices and infrastructure and are fairly concerned about data security. I think cloud computing is a fair way off for these clients.
January 13, 2011 at 2:20 am
Steve Jones - SSC Editor (1/12/2011)
You are right and wrong here. Similar arguments were made against web servers being off-premises. Today tons of companies do this and it works.
Not saying the cloud works for everyone, but blankly saying that a cloud service is going to be less secure than something you run is not necessarily true.
I was referring specifically to adding cloud access to data also kept internally. At that point you have two vaults. No matter how the books are cooked, the number of paths to the data has increased, and the number of possible flaws in security has increased dramatically.
However, even if referring only to cloud storage, it still comes down to component count and access paths. Each item on each path that can be corrupt or be corrupted increases the odds of unauthorized access. With cloud storage it is likely that even the rough calculation of what I call an "insecurity quotient" may be impossible for a customer to know.
It is true that the equation's results can be reversed. It is possible that a site's internal storage is less secure than a provider's external site--after all, it is strictly a matter of practices, access paths, number of users, and component counts. An external site could, for instance, have better practices. However the odds are that the external site has more users, paths, and components. Any equation for security has to calculate with all the factors.
I'll say it again, each component adds to the risk. Moreover, it is the count of the component--a hundred PC's and users with access gives a much greater probability of compromise than one PC and user with the same access.
Place a pile of your money in the center of an intersection. Do this in New York. Do you fear for your money? Me too--lots of uncontrolled practices, users, paths and components. Now put the same amount on two widely separate intersections. Not feeling very secure, right? Then put it all on a desert atoll a thousand miles from the nearest neighbor. That feels safer--and very, very likely is. The components and access paths have been reduced. The practices have been simplified. Still, can there be a hurricane on that island? Do the local birds like currency? Even alone in the center of the ocean, there are factors--but fewer of them. Hence, less effort can still leave a better chance to be secure.
Of course it's a balancing act. The safest data is found in the pounded ashes of burnt papers--but it's now inaccessible. No balance. The problem comes from pretending that there are no security factors or that they are incalculable or that they always work out to the same result.
January 13, 2011 at 7:01 am
john.richter (1/13/2011)
Steve Jones - SSC Editor (1/12/2011)
You are right and wrong here. Similar arguments were made against web servers being off-premises. Today tons of companies do this and it works.
Not saying the cloud works for everyone, but blankly saying that a cloud service is going to be less secure than something you run is not necessarily true.
I was referring specifically to adding cloud access to data also kept internally. At that point you have two vaults. No matter how the books are cooked, the number of paths to the data has increased, and the number of possible flaws in security has increased dramatically.
However, even if referring only to cloud storage, it still comes down to component count and access paths. Each item on each path that can be corrupt or be corrupted increases the odds of unauthorized access. With cloud storage it is likely that even the rough calculation of what I call an "insecurity quotient" may be impossible for a customer to know.
It is true that the equation's results can be reversed. It is possible that a site's internal storage is less secure than a provider's external site--after all, it is strictly a matter of practices, access paths, number of users, and component counts. An external site could, for instance, have better practices. However the odds are that the external site has more users, paths, and components. Any equation for security has to calculate with all the factors.
I'll say it again, each component adds to the risk. Moreover, it is the count of the component--a hundred PC's and users with access gives a much greater probability of compromise than one PC and user with the same access.
Place a pile of your money in the center of an intersection. Do this in New York. Do you fear for your money? Me too--lots of uncontrolled practices, users, paths and components. Now put the same amount on two widely separate intersections. Not feeling very secure, right? Then put it all on a desert atoll a thousand miles from the nearest neighbor. That feels safer--and very, very likely is. The components and access paths have been reduced. The practices have been simplified. Still, can there be a hurricane on that island? Do the local birds like currency? Even alone in the center of the ocean, there are factors--but fewer of them. Hence, less effort can still leave a better chance to be secure.
Of course it's a balancing act. The safest data is found in the pounded ashes of burnt papers--but it's now inaccessible. No balance. The problem comes from pretending that there are no security factors or that they are incalculable or that they always work out to the same result.
Yes, security and accessibility are always inversely proportional. "A secret is something known by only one person, or by two people if one of them is dead."
Legend has it (might be true) that there was a guy who, in the 1930s in the US, became certain that war was going to break out and that the US wasn't safe any more from potential aggressors like Japan and Germany. So he scoped out his options and picked the safest place in the world to move to, an island lost in the vastness of the Pacific Ocean, practically unknown, barely on any maps, uninhabited, and in all other possible ways, "secure". The island's name? Iwo Jima. (Look it up if you somehow missed that one in history classes.)
I also heard about a guy who may take issue with the concept that bank vaults are secure. Name was something like John Dillinger.
Regardless of these anecdotes and analogies to bank vaults and remote islands, data security is more about screening and auditing those who are allowed to have access than about preventing those who aren't, these days. The prevention point is pretty standard, reasonably robust, definitely inadequate and stupid (really, usernames and passwords are still the best we can do?), but the majority of significant data breaches are inside jobs. As Dilbert's PHB pointed out one time, "100% of employee sabotage is done by employees!" He may be an idiot, but the joke has enough truth in it to say something.
Cloud or local, that's got to be the main point of focus, once standard, reasonable security measures are in place.
Which is why my main issue with "cloud computing" is access and DR, not security. It can, in reasonable circumstances, be secure enough. Probably more secure than most small businesses can achieve on their own expertise. But is that "cloud" a single server in a hurricane-prone location, or is it truly distributed storage with redundant access to storage on multiple continents, or something in between? That's the point I think needs to be emphasized in negotiations about these things.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon