
Current Affairs

Wikileaks, Cloud and Lessons

So what does the Wikileaks saga have to teach us about Cloud, if anything? Actually I think that there are a number of lessons to be learnt.

1) The first lesson actually has nothing to do with the Cloud and certainly nothing to do with the debate about private versus public Cloud. Without people leaking data to Wikileaks, there would be no Wikileaks; Wikileaks is not about hacking really, it's more often about people already having access to the data taking it away with them and leaking it. 

Make sure that only the people who need access to the data have access to the data and make sure the distribution of such data is controlled. Flashdrives etc are very convenient but they also make it relatively easy for someone to walk away with large quantities of data. The move towards 'Bring Your Own Device' type Corporate IT could open new conduits for 'data theft'. Be aware, you may be allowing people to bypass your perimeter security and that brings risks.

2) The actions of your Cloud provider may put your own environment at risk. If you decide to run your systems in the Public Cloud and your Cloud provider does something which leaves it vulnerable to attack etc, your services might be impacted. Obviously, this is true of not just Cloud but any hosted environment or even arguably any service provider. For example, your network provider may manage to piss off a number of people and find itself under a DDOS and this might impact your operations.

However, most sensible organisations ensure that they have their network services provisioned from multiple network providers. You should apply the same principle to your Cloud environments; running in the Cloud does not abrogate the requirement for proper DR and BC planning. If the EC2 Cloud goes down and you have no way of carrying out your Business, you are pretty much guilty of negligence.

3) Amazon's Cloud is remarkably robust and it has certainly survived a number of DDOS attacks over the past few days; whether the outage last night in Europe was due to a hardware failure or a DDOS has yet to be fully revealed. If I was an AWS customer, I would be more concerned about a hardware failure/issue having such wide ranging implications; if it was a concerted attack against Amazon, well the fact that they managed to get themselves up and working again so quickly, that's pretty impressive. If your organisation underwent a concerted attack, would you recover as quickly?

Hopefully Amazon will disclose everything that went on and allow us all to learn from the events. 

4) Understand the 'Terms of Service' of your providers; if your actions endanger service to all, you might find that your service is withdrawn as a precautionary measure. You may feel that this is censorship but at the end of the day, if your service provider takes a business decision to sacrifice your service to protect the rest of their customers and their business; that is something that you are probably going to have to live with.

5) The Internet still often operates like a wild frontier…beware of signs saying 'Here Be Dragons', they may be telling the truth.

 

Do you have an Umbrella?

Every now and then, we have 'interesting' conversations at work about morbid subjects; recently we had a discussion about another 9/11 and whether our systems could cope with it. Not the systems that you get to see but our internal systems and how we scale for peak load and what peak load actually means. Scaling web-servers is pretty easy but other systems don't necessarily scale so easily.

We had recently put a new system in and then Michael Jackson went and died; so that was a good test for the system, which coped pretty well. Tragic events are what generate traffic; that and England winning the World Cup, but we generally have to deal with tragedies not miracles.

But web-sites, phone-systems, networks can all fail when under extreme load; in fact, pretty much every form of utility is massively over-subscribed pretty much by design. If everyone got in their cars at the same time, the road network would melt-down. Flights are regularly over-sold, certainly by the budget providers. If everyone in the UK decides to make a cup of tea at the same time, the power-grid suffers.

This led me on to thinking about the Public Cloud; what level of over-subscription do the Public Cloud providers sustain in the forms of 'reserved instances' and how many instances can they actually support all coming up at one time. How much storage does Amazon actually have?

If you are going to bet your business on the Cloud, you probably ought to know and you probably ought to know what kind of events will cause you to burst and probably what will cause everyone else sharing the Cloud with you to burst. And what you are going to do if the Cloud does burst? Do you know where your umbrella is? Or at least the candles to dry you out.

You Gotta Love Larry

You really have to love Larry Ellison of Oracle; if there is one thing that you cannot accuse him of, it is being a shy retiring violet. But his latest pronouncements on becoming the new IBM; not the IBM we have today but the monopolistic (although very successful) monster of Thomas Watson Jr's day.

The IBM which manipulated the market, the big arrogant beast? Do we really want this to happen? Does anyone really want the IBM of the past back? I don't, do you? Perhaps he thinks that today's crop of ITers don't remember that IBM gouged the market with their prices for years. Is this the message that he is really sending out?

However to be honest, I don't think he stands a hope in hell of becoming the behemoth; there is too much competition out there and that in my mind is good.