Upload
white-paper
View
1.343
Download
0
Embed Size (px)
DESCRIPTION
Citation preview
Zack Whittaker What possible computer disasters can be associated with "cloud computing"?
http://blogs.zdnet.com/igeneration Page 1 of 7
What possible computer disasters can be associated with "cloud computing"?
Zack Whittaker
This was originally submitted as an essay to the University of Kent exam board on the 20
th November 2008, and is
covered by UK intellectual copyright laws. Although now in the public domain, this paper cannot be reproduced,
copied, edited or submitted by anybody without prior consent from the author. As an academic article, all copyright and rights were passed from the author to the University of Kent, Canterbury, Kent, United Kingdom on submission.
Zack Whittaker What possible computer disasters can be associated with "cloud computing"?
http://blogs.zdnet.com/igeneration Page 2 of 7
“Cloud computing” is a difficult term to explain to most; even
to technologists and IT professionals, the concept of
computing in the cloud is a wide, generic term for many
specific areas within online environment. The “cloud” is
defined as the Internet surrounding every part of our daily
lives, similar to the clouds in the sky. However many new
enterprise related buzzwords have evolved from the original
“computing in the cloud” concept; “software-as-a-service”,
“software + services” (Foley, 2008, pp. 55) which has evolved
as a more Microsoft related term, and “social media” which is
a cornerstone in social networking and development.
With this ever developing cloud concept, more and more
problems are arising from this “golden solution” in the
enterprise arena. This paper will highlight several computing
disasters associated with cloud computing, including natural
disasters and human errors, as well as those not always
necessary connected, but still impact the cloud.
Whilst a common misconception for cloud computing is
merely storage space on the Internet, the cloud offers many
services, infrastructure benefits and scalability which may not
be possible within ordinary local -area enterprise networks
(Whittaker, 2008). When cloud storage is used as the primary
location of files and documents, a certain trust is left in the
hands of the storage provider to ensure certain steps are
taken to prevent data loss and maintain the integrity of the
file system (Weiss, 2007); enabling maximum uptime,
reducing downtime and sustain the highest levels of physical
protection and data security.
When something affects cloud storage, things can go
disastrously wrong for many end users. Whilst data which is
stored in the cloud isn’t actuall y stored in the cloud; rather a
datacenter housing hundreds of servers and thousands of
networking cables, physical disasters are one of the greater
threats to the cloud.
As physical disasters go, some will affect the entire cloud, or
entire datacenter if you think geologically or physically, and
some will affect portions or individual sections. Natural
disasters are a great concern to those who run and use cloud
computing services (Togio, 2002). As many natural disasters
are unpredictable, from floods to earth tremors, volcanoes
and tsunamis, recovering from these disasters are often
impossible.
Preventing disasters from affecting the cloud itself is the only
realistic thing the staff, management and planners can
foresee. Nobody would build a datacenter; let alone any
business venture, government building, school or hospital, or
any building or structure of importance in a geographic
location where an active or dormant volcano lies, for example.
In cases of cloud downtime or event which causes the cloud to
fail, a backup solution is often used in an alternate location.
This ensures a constant stream of data being backed up to an
alternate datacenter, away from any potential natural
disaster, but keeping data secure and maximising authorised
accessibility (Beard, 2008).
With the current sociological climate in this day and age with
increasing political pressures from all corners of the globe,
terrorism is something to be considered in affecting cloud
services. From two perspectives, terrorists could target
datacenters which hold information (IT Business Edge, 2006)
Cloud Applications and Solutions
Cloud Infrastructure Services
Global Foundation Services
Networking Storage Datacenter IT Staff
Computing power Networking power The CloudThe Cloud
dhcp.ispone.com dhcp.isptwo.comEnd user 1 End user 2DNS
Software providing services
[Fig. 1: A generic cloud supporting two end users]
Zack Whittaker What possible computer disasters can be associated with "cloud computing"?
http://blogs.zdnet.com/igeneration Page 3 of 7
and hinder efforts of those who cause acts of terror, whilst on
the other hand target ordinary, civilian owned datacenters in
efforts to financially ruin a company, and cause massive
repercussions for those who hold data there.
For those who rely on cloud storage to hold backup data, or
essential files, by breaking the services’ code of conduct or
terms of usage, knowingly or unknowingly, can have massive
repercussions for the end user. When an end user
suddenly discovers the content of their cloud storage has been
destroyed, this not only causes the user to become angry and
potentially confused, and this could also deepen into a public-
relations disaster; if for example the person who rec eived
such a message happens to be a notoriously critical journalist
on a leading technology website. If the cloud storage had only
backup data, this wouldn’t be such a disaster for the user. But
many in this day and age with multiple computers, mobile
devices and Internet access practically everywhere, many
store the most treasured, important and valuable data in the
cloud; to enable them to access it anywhere, and also s how
others images or other media content which they are proud of
(Perlow, 2008).
Depending on the kind of company you claim your portion of
the cloud from, as well as the legal background they may have
to cover themselves, many will not recover your data for you
as ‘they may not to have effect on any other code-of-conduct
abiding user’, with l ittle regard for the user who may well be
unaware of the initial cause.
Many of the world leading companies, those which can afford
to build and maintain datacenters, such as Cisco, Microsoft,
Google and IBM, all strive towards the best physical security
possible. Because of the security involved,
ranging from entry gateways with biometrics, smart cards and
keycode entry schemes, to surveillance and location
monitoring devices and high encryption passwords ; it’s very
difficult to either break into a datacenter or to do any damage
– unless you work there (Security Focus, 2008).
A physical assault into the datacenter is almost impossible;
however a number of virtual attacks are possible and highly
likely, depending on many variables such as ease of attack, the
company who runs the datacenter and whether the stored
data is of any monetary value. Cisco Systems (2008) point out
one of their main challenges:
Many datacenters, especially those assembled
quickly during the economic boom of the 1990s,
were rarely built with an emphasis on security. The
resulting application and storage “islands” are often
vulnerable to attack and compromise.
[Fig. 2: Account shutdown notice provided by Microsoft’s Windows Live SkyDrive service]
“
“”
Zack Whittaker What possible computer disasters can be associated with "cloud computing"?
http://blogs.zdnet.com/igeneration Page 4 of 7
As mentioned, an attack on the datacenter can only be
initiated viably from within the security inner-sanctum. With
detailed knowledge of the systems and the security measures,
an outside party could launch a specific distributed denial-of-
service (DDoS) attack against the datacenter ; flooding the
network with unnecessary data and causing the infrastructure
to collapse, breaking the connection between the outside
world and end user, and the datacenter.
One of the most l ikely security breaches which could occur,
and have massive repercussions on the end user, is malicious
and unauthorised access to the users storage or cloud
services. An end user’s finances or income could depend on a
cloud application to provide services for others; another end
user may store sensitive financial data in cloud storage for
‘anywhere and everywhere’ access. By accessing their cloud
without authorisation using credentials without their
knowledge, is not only fraud and could result in criminal
charges being brought, it could also have a severe negative
impact on the end users, and those of which the end user
relies on.
The last computing disaster explained in this paper, is the
financial failing of a company which owns or runs a
datacenter. Datacenters can cost in excess of $400 million
(Harris, 2008) and ongoing costs of maintenance, staffing costs
and security upgrades, not to mention the power
consumption costs; these can all have a massive impact on the
revenue of a company. If a company cannot afford post-short-
term to maintain the costs of a datacenter, without an income
or revenue directly relating to the service to uphold costs, the
service will fail. Having your secure data or valuable
documents stored in a datacenter where the company
providing the service falls into financial difficulty can have
massive repercussions for the end users.
A recent case pointed out by Wainewright (2008) in the Digital
Railroad financial collapse. The company provided a cloud
photograph archiving to over 1,500 users and late October
2008 shut down without warning, due the company’s collapse.
When a company cannot find a suitable partner to take on the
business, it is left to the company to make every effort that
data stored within the datacenter is distributed back to the
owners. However, as Wainewright states, the bandwidth
needed to provide users with the service to download stored
data can exceed supply.
Case study 1 – Technical failures in form of network downtime in the Amazon Simple Storage Service (S3)
The Amazon S3 service is a multi -protocol cloud storage
solution designed for developers , intended for high-scale
distribution and uses a unique geographical object and
location bucket storage fi lling system (Amazon, 2008). Proving
popular with hundreds of thousands of users, offering simple
hosting at extraordinarily cheap costs, many people relied on
this services’ uptime and availability.
However in early February 2008, the entire datacenters’
network froze up, leaving the majority of users to the cloud
[Fig. 3: Typical security structure of a cloud service datacenter. Source: Pandela]
Zack Whittaker What possible computer disasters can be associated with "cloud computing"?
http://blogs.zdnet.com/igeneration Page 5 of 7
service denied access for around four hours (LaMonica, 2008).
An automated set of processes should have kick-started the
cloud service again, but this system also failed. As LaMonica
(2007) notes in another article, this isn’t the first time Amazon
has had difficulties with its cloud storage system, when just
over a year ago the entire service suffered multiple faults
which caused many to reconsider the offerings of the
technology giant.
Whilst some may declare this to be human error, as humans
are ultimately responsible for the running and maintenance of
the machines involved, this was due to technical difficulties
when networking difficulties resulted in the datacenter
‘appearing invisible’; accurate information on the cause of the
outage is sti ll disputed as Amazon’s lack of transparency have
angers many users (Modine, 2008).
Case study 2 – Google’s cloud services and applications suffer a series of technical difficulties
Google is world renowned for its search engine, but have
taken their market share dominance into other areas of
“Enterprise 2.0” (Whittaker, 2008) applications, such as Gmail
and Google Apps, two leading cloud services on the web.
Over the course of a few months, Google had been hit by
numerous different outages, which caused a ruckus in the
online social media scene, such as Twitter (Needleman,
2008a). Although some of the outages had only lasted
approximately 45 minutes, the simple fact of an essential
service to many had been partly offl ine caused enough
disruption for many to be angry about.
Gmail, a rival email service to Microsoft’s Windows Live
Hotmail and Yahoo!’s Mail, also suffered downtime a month
later, due to a technical error which caused an automated
error message to be displayed. Because of the nature of these
two products, there was never any 100% downtime; many
different aspects of the services worked just as well as they
did before the technical issue (Needleman, 2008b), but some
areas of service were affected.
Google in its effort to be as open and honest about the issue
caused some relief however. Google Docs, which should be
noted is still in beta testing stage, had been partially offline to
some for less than an hour due to the “servers that control the
view of the document workspace as well as the home
document l isting” (Lowensohn, 2008). This, again, is a
technical error which much too many misconceptions, simply
do happen out of the blue. The brunt of the downtime for
both products were enterprise customers and partners; those
who use the service to provide a service themselves were hit,
and were found to be ‘in the dark’ for the duration of the
collective downtime.
Just before the Gmail incident, Krigsman (2008) made a point
of highlighting the issue surrounding Google’s policy in data
handling, and our sometimes unknowing willingness to
provide the software with our data. He wrote:
We blindly give Google our data - email, calendar,
bookmarks, search history, and so on. What
happens when Google refuses to give it back?
Angst.
He proceeds on to explain that the loss of data is entirely
unacceptable, whether Google intervenes on somebody’s
account for security reasons or not. In the case of both Gmail
and Google Docs failing, this is not a fault of Google’s, yet the
responsibility it still held by the company. In the same article,
Wainewright (2008), an influential cloud computing
professional, perfectly sums up the state of cloud computing
today:
One point the story highlights is a hard lesson for
users: Don’t trust the cloud at this early stage in its
evolution.
This seems to be quite a trend amongst those in the
technology industry, as Thompson (2008) states that the more
we rely on applications and services in the cloud, the more
problems that are likely. For those using social media
applications such as Twitter, the problems seem less severe
than those who use Enterprise 2.0 applications for
spreadsheets, databasing and document management. Not
only that, certain acts of law as pointed out by Thompson,
such as the US Patriot Act, allow any content hosted on any
device, regardless of sovereign state; which for those who
hold files and documents in the cloud, make their job of
“snooping” much easier than a home invasion of personnel
brandishing warrants and suchlike.
In conclusion, natural or physical disaster to the datacenter which houses the cloud in hardware form would be the main matter of
concern to the company or those involved in the running of the datacenter (IsecT, 2004). On the other hand, r egardless of company
size or volume and magnitude of the cloud, from the findings discussed within this paper, network or computing downtime is the
most detrimental effect to have on the end user. If you have no connectivity to the Internet or from the Internet to the datacenter
where the cloud is hosted, you cannot access what you need to and the entire cloud concept is therefore made redundant.
“”
“
“”
“
“”
Zack Whittaker What possible computer disasters can be associated with "cloud computing"?
http://blogs.zdnet.com/igeneration Page 6 of 7
Bibliography
Amazon Web Services LLC., 2008. Amazon Simple Storage S ervices (Amazon S3). [Online] Available at: http://aws.amazon.com/s3 [Accessed 10th November 2008]
Beard, H., 2008. Cloud Computing Best Practices for Managing and Measuring Processes for On -Demand Computing, Applications and Data Centers in the Cloud with SLA’s. Amazon.com: Emereo.
Cisco Systems, 2008. Securing the Data Center. [E-book]. Available at: http://www.cisco.com/en/US/solutions/ns340/ns517/ns224/ns376/overview_securing_the_data_center.pdf [Accessed 8th November 2008]
Foley, M., J., 2008. Microsoft 2.0: How Microsoft Plans to Stay Relevant in the Post-Gates Era. Indianapolis: Wiley.
Harris, R., 2008. StorageMojo » Building a 1.8 exabyte data center. [Online]. Available at: http://storagemojo.com/2008/10/12/building-a-18-exabyte-data-cente [Accessed 9th November 2008]
IsecT Ltd., 2004. NoticeBored technical briefing: securing physical access and environmental services for datacenters. [E-book] Available at: http://www.noticebored.com/NB_tech_briefing_on_datacenter_security_SAMPLE.pdf [Accessed 9th November 2008]
IT Business Edge, 2006. What Communications Retention Will Mean to ISPs. [Online]. Available at: http://www.itbusinessedge.com/item/?ci=17461 [Accessed 7th November 2008]
Krigsman, M., 2008. Don’t trust Google with your data | IT Project Failures | ZDNet.com . [Online] Available at: http://blogs.zdnet.com/projectfailures/?p=958
[Accessed 10th November 2008]
Kurt, G., [email protected], 2008. RE: SRX1083937461ID - Windows Live SkyDrive. [E-mail]. Message to Z. Whittaker. Sent 7 November 2008, 13:06.
Available at: http://blogs.zdnet.com/igeneration/images/skydrive-email.htm [Accessed 8th November 2008]
LaMonica, M., 2008. Amazon storage 'cloud' service goes dark, ruffles Web 2.0 feathers | Webware - CNET. [Online] Available at: http://news.cnet.com/8301-17939_109-9873068-2.html [Accessed 10th November 2008]
Lowensohn, J., 2008. Google Docs goes down, user data does not [Updated] | Webware - CNET. [Online] Available at: http://news.cnet.com/8301-17939_109-9985608-2.html [Accessed 8th November 2008]
Modine, A., 2008. Web startups crumble under Amazon S3 outage - The Register. [Online] Available at: http://www.theregister.co.uk/2008/02/15/amazon_s3_outage_feb_2008 [Accessed 10th November 2008]
Needleman, R., 2008. Gmail is down, Twitter sizzling with the news | Webware - CNET. [Online] Available at: http://news.cnet.com/8301-17939_109-10014389-2.html
[Accessed 6th November 2008]
Pandella LLC., 2007. About Pandela Team and Project. [Electronic print]
Available at: http://www.pandela.com/about_us.html [Accessed 9th November 2008]
Perlow, J., 2008. Preparing for a Flickr Apocalypse (Updated, with Yahoo response) | Tech Broiler | ZDNet. [Online].
Available at: http://blogs.zdnet.com/perlow/?p=9316 [Accessed 8th November 2008]
Zack Whittaker What possible computer disasters can be associated with "cloud computing"?
http://blogs.zdnet.com/igeneration Page 7 of 7
Security Focus, 2008. Rogue admin blocks San Francisco network. [Online] Available at: http://www.securityfocus.com/brief/776 [Accessed 8th November 2008]
Thompson, B., 2008. BBC NEWS | Technology | Storm warning for cloud computing. [Online] Available at: http://news.bbc.co.uk/1/hi/technology/7421099.stm [Accessed 7th November 2008]
Togio, J., W., 2002. Disaster Recovery Planning: Preparing for the Unthinkable. 3rd ed. New York: Prentice Hall.
Wainewright, P., 2008. Back up your online data. Now. | Software as Services | ZDNet.com. [Online] Available at: http://blogs.zdnet.com/saas/?p=607 [Accessed 10th November 2008]
Wainewright, P., 2008. When Google disowns you | Software as Services | ZDNet.com. [Online] Available at: http://blogs.zdnet.com/saas/?p=575 [Accessed 11th November 2008]
Weiss, A., 2007. Computing in the clouds, netWorker, 11(4), pp. 16-25
Whittaker, Z., 2008. Egnyte: using and sustaining Enterprise 2.0 | Enterprise Alley | ZDNet. [Online]. Available at: http://blogs.zdnet.com/enterprisealley/?p=289 [Accessed 6th November 2008]
Whittaker, Z., 2008. Explaining the buzzwords which students will need to know| iGeneration | ZDNet. [Online]. Available at: http://blogs.zdnet.com/igeneration/?p=576 [Accessed 9th November 2008]