Zack Whittaker What possible computer disasters can be associated with "cloud computing"?

http://blogs.zdnet.com/igeneration Page 1 of 7

What possible computer disasters can be associated with "cloud computing"?

Zack Whittaker

This was originally submitted as an essay to the University of Kent exam board on the 20

th November 2008, and is

covered by UK intellectual copyright laws. Although now in the public domain, this paper cannot be reproduced,

copied, edited or submitted by anybody without prior consent from the author. As an academic article, all copyright and rights were passed from the author to the University of Kent, Canterbury, Kent, United Kingdom on submission.

Zack Whittaker What possible computer disasters can be associated with "cloud computing"?

http://blogs.zdnet.com/igeneration Page 2 of 7

“Cloud computing” is a difficult term to explain to most; even

to technologists and IT professionals, the concept of

computing in the cloud is a wide, generic term for many

specific areas within online environment. The “cloud” is

defined as the Internet surrounding every part of our daily

lives, similar to the clouds in the sky. However many new

enterprise related buzzwords have evolved from the original

“computing in the cloud” concept; “software-as-a-service”,

“software + services” (Foley, 2008, pp. 55) which has evolved

as a more Microsoft related term, and “social media” which is

a cornerstone in social networking and development.

With this ever developing cloud concept, more and more

problems are arising from this “golden solution” in the

enterprise arena. This paper will highlight several computing

disasters associated with cloud computing, including natural

disasters and human errors, as well as those not always

necessary connected, but still impact the cloud.

Whilst a common misconception for cloud computing is

merely storage space on the Internet, the cloud offers many

services, infrastructure benefits and scalability which may not

be possible within ordinary local -area enterprise networks

(Whittaker, 2008). When cloud storage is used as the primary

location of files and documents, a certain trust is left in the

hands of the storage provider to ensure certain steps are

taken to prevent data loss and maintain the integrity of the

file system (Weiss, 2007); enabling maximum uptime,

reducing downtime and sustain the highest levels of physical

protection and data security.

When something affects cloud storage, things can go

disastrously wrong for many end users. Whilst data which is

stored in the cloud isn’t actuall y stored in the cloud; rather a

datacenter housing hundreds of servers and thousands of

networking cables, physical disasters are one of the greater

threats to the cloud.

As physical disasters go, some will affect the entire cloud, or

entire datacenter if you think geologically or physically, and

some will affect portions or individual sections. Natural

disasters are a great concern to those who run and use cloud

computing services (Togio, 2002). As many natural disasters

are unpredictable, from floods to earth tremors, volcanoes

and tsunamis, recovering from these disasters are often

impossible.

Preventing disasters from affecting the cloud itself is the only

realistic thing the staff, management and planners can

foresee. Nobody would build a datacenter; let alone any

business venture, government building, school or hospital, or

any building or structure of importance in a geographic

location where an active or dormant volcano lies, for example.

In cases of cloud downtime or event which causes the cloud to

fail, a backup solution is often used in an alternate location.

This ensures a constant stream of data being backed up to an

alternate datacenter, away from any potential natural

disaster, but keeping data secure and maximising authorised

accessibility (Beard, 2008).

With the current sociological climate in this day and age with

increasing political pressures from all corners of the globe,

terrorism is something to be considered in affecting cloud

services. From two perspectives, terrorists could target

datacenters which hold information (IT Business Edge, 2006)

Cloud Applications and Solutions

Cloud Infrastructure Services

Global Foundation Services

Networking Storage Datacenter IT Staff

Computing power Networking power The CloudThe Cloud

dhcp.ispone.com dhcp.isptwo.comEnd user 1 End user 2DNS

Software providing services

[Fig. 1: A generic cloud supporting two end users]

Zack Whittaker What possible computer disasters can be associated with "cloud computing"?

http://blogs.zdnet.com/igeneration Page 3 of 7

and hinder efforts of those who cause acts of terror, whilst on

the other hand target ordinary, civilian owned datacenters in

efforts to financially ruin a company, and cause massive

repercussions for those who hold data there.

For those who rely on cloud storage to hold backup data, or

essential files, by breaking the services’ code of conduct or

terms of usage, knowingly or unknowingly, can have massive

repercussions for the end user. When an end user

suddenly discovers the content of their cloud storage has been

destroyed, this not only causes the user to become angry and

potentially confused, and this could also deepen into a public-

relations disaster; if for example the person who rec eived

such a message happens to be a notoriously critical journalist

on a leading technology website. If the cloud storage had only

backup data, this wouldn’t be such a disaster for the user. But

many in this day and age with multiple computers, mobile

devices and Internet access practically everywhere, many

store the most treasured, important and valuable data in the

cloud; to enable them to access it anywhere, and also s how

others images or other media content which they are proud of

(Perlow, 2008).

Depending on the kind of company you claim your portion of

the cloud from, as well as the legal background they may have

to cover themselves, many will not recover your data for you

as ‘they may not to have effect on any other code-of-conduct

abiding user’, with l ittle regard for the user who may well be

unaware of the initial cause.

Many of the world leading companies, those which can afford

to build and maintain datacenters, such as Cisco, Microsoft,

Google and IBM, all strive towards the best physical security

possible. Because of the security involved,

ranging from entry gateways with biometrics, smart cards and

keycode entry schemes, to surveillance and location

monitoring devices and high encryption passwords ; it’s very

difficult to either break into a datacenter or to do any damage

– unless you work there (Security Focus, 2008).

A physical assault into the datacenter is almost impossible;

however a number of virtual attacks are possible and highly

likely, depending on many variables such as ease of attack, the

company who runs the datacenter and whether the stored

data is of any monetary value. Cisco Systems (2008) point out

one of their main challenges:

Many datacenters, especially those assembled

quickly during the economic boom of the 1990s,

were rarely built with an emphasis on security. The

resulting application and storage “islands” are often

vulnerable to attack and compromise.

[Fig. 2: Account shutdown notice provided by Microsoft’s Windows Live SkyDrive service]

“

“”

Zack Whittaker What possible computer disasters can be associated with "cloud computing"?

http://blogs.zdnet.com/igeneration Page 4 of 7

As mentioned, an attack on the datacenter can only be

initiated viably from within the security inner-sanctum. With

detailed knowledge of the systems and the security measures,

an outside party could launch a specific distributed denial-of-

service (DDoS) attack against the datacenter ; flooding the

network with unnecessary data and causing the infrastructure

to collapse, breaking the connection between the outside

world and end user, and the datacenter.

One of the most l ikely security breaches which could occur,

and have massive repercussions on the end user, is malicious

and unauthorised access to the users storage or cloud

services. An end user’s finances or income could depend on a

cloud application to provide services for others; another end

user may store sensitive financial data in cloud storage for

‘anywhere and everywhere’ access. By accessing their cloud

without authorisation using credentials without their

knowledge, is not only fraud and could result in criminal

charges being brought, it could also have a severe negative

impact on the end users, and those of which the end user

relies on.

The last computing disaster explained in this paper, is the

financial failing of a company which owns or runs a

datacenter. Datacenters can cost in excess of $400 million

(Harris, 2008) and ongoing costs of maintenance, staffing costs

and security upgrades, not to mention the power

consumption costs; these can all have a massive impact on the

revenue of a company. If a company cannot afford post-short-

term to maintain the costs of a datacenter, without an income

or revenue directly relating to the service to uphold costs, the

service will fail. Having your secure data or valuable

documents stored in a datacenter where the company

providing the service falls into financial difficulty can have

massive repercussions for the end users.

A recent case pointed out by Wainewright (2008) in the Digital

Railroad financial collapse. The company provided a cloud

photograph archiving to over 1,500 users and late October

2008 shut down without warning, due the company’s collapse.

When a company cannot find a suitable partner to take on the

business, it is left to the company to make every effort that

data stored within the datacenter is distributed back to the

owners. However, as Wainewright states, the bandwidth

needed to provide users with the service to download stored

data can exceed supply.

Case study 1 – Technical failures in form of network downtime in the Amazon Simple Storage Service (S3)

The Amazon S3 service is a multi -protocol cloud storage

solution designed for developers , intended for high-scale

distribution and uses a unique geographical object and

location bucket storage fi lling system (Amazon, 2008). Proving

popular with hundreds of thousands of users, offering simple

hosting at extraordinarily cheap costs, many people relied on

this services’ uptime and availability.

However in early February 2008, the entire datacenters’

network froze up, leaving the majority of users to the cloud

[Fig. 3: Typical security structure of a cloud service datacenter. Source: Pandela]

Zack Whittaker What possible computer disasters can be associated with "cloud computing"?

http://blogs.zdnet.com/igeneration Page 5 of 7

service denied access for around four hours (LaMonica, 2008).

An automated set of processes should have kick-started the

cloud service again, but this system also failed. As LaMonica

(2007) notes in another article, this isn’t the first time Amazon

has had difficulties with its cloud storage system, when just

over a year ago the entire service suffered multiple faults

which caused many to reconsider the offerings of the

technology giant.

Whilst some may declare this to be human error, as humans

are ultimately responsible for the running and maintenance of

the machines involved, this was due to technical difficulties

when networking difficulties resulted in the datacenter

‘appearing invisible’; accurate information on the cause of the

outage is sti ll disputed as Amazon’s lack of transparency have

angers many users (Modine, 2008).

Case study 2 – Google’s cloud services and applications suffer a series of technical difficulties

Google is world renowned for its search engine, but have

taken their market share dominance into other areas of

“Enterprise 2.0” (Whittaker, 2008) applications, such as Gmail

and Google Apps, two leading cloud services on the web.

Over the course of a few months, Google had been hit by

numerous different outages, which caused a ruckus in the

online social media scene, such as Twitter (Needleman,

2008a). Although some of the outages had only lasted

approximately 45 minutes, the simple fact of an essential

service to many had been partly offl ine caused enough

disruption for many to be angry about.

Gmail, a rival email service to Microsoft’s Windows Live

Hotmail and Yahoo!’s Mail, also suffered downtime a month

later, due to a technical error which caused an automated

error message to be displayed. Because of the nature of these

two products, there was never any 100% downtime; many

different aspects of the services worked just as well as they

did before the technical issue (Needleman, 2008b), but some

areas of service were affected.

Google in its effort to be as open and honest about the issue

caused some relief however. Google Docs, which should be

noted is still in beta testing stage, had been partially offline to

some for less than an hour due to the “servers that control the

view of the document workspace as well as the home

document l isting” (Lowensohn, 2008). This, again, is a

technical error which much too many misconceptions, simply

do happen out of the blue. The brunt of the downtime for

both products were enterprise customers and partners; those

who use the service to provide a service themselves were hit,

and were found to be ‘in the dark’ for the duration of the

collective downtime.

Just before the Gmail incident, Krigsman (2008) made a point

of highlighting the issue surrounding Google’s policy in data

handling, and our sometimes unknowing willingness to

provide the software with our data. He wrote:

We blindly give Google our data - email, calendar,

bookmarks, search history, and so on. What

happens when Google refuses to give it back?

Angst.

He proceeds on to explain that the loss of data is entirely

unacceptable, whether Google intervenes on somebody’s

account for security reasons or not. In the case of both Gmail

and Google Docs failing, this is not a fault of Google’s, yet the

responsibility it still held by the company. In the same article,

Wainewright (2008), an influential cloud computing

professional, perfectly sums up the state of cloud computing

today:

One point the story highlights is a hard lesson for

users: Don’t trust the cloud at this early stage in its

evolution.

This seems to be quite a trend amongst those in the

technology industry, as Thompson (2008) states that the more

we rely on applications and services in the cloud, the more

problems that are likely. For those using social media

applications such as Twitter, the problems seem less severe

than those who use Enterprise 2.0 applications for

spreadsheets, databasing and document management. Not

only that, certain acts of law as pointed out by Thompson,

such as the US Patriot Act, allow any content hosted on any

device, regardless of sovereign state; which for those who

hold files and documents in the cloud, make their job of

“snooping” much easier than a home invasion of personnel

brandishing warrants and suchlike.

In conclusion, natural or physical disaster to the datacenter which houses the cloud in hardware form would be the main matter of

concern to the company or those involved in the running of the datacenter (IsecT, 2004). On the other hand, r egardless of company

size or volume and magnitude of the cloud, from the findings discussed within this paper, network or computing downtime is the

most detrimental effect to have on the end user. If you have no connectivity to the Internet or from the Internet to the datacenter

where the cloud is hosted, you cannot access what you need to and the entire cloud concept is therefore made redundant.

“”

“

“”

“

“”

Zack Whittaker What possible computer disasters can be associated with "cloud computing"?

http://blogs.zdnet.com/igeneration Page 6 of 7

Bibliography

Amazon Web Services LLC., 2008. Amazon Simple Storage S ervices (Amazon S3). [Online] Available at: http://aws.amazon.com/s3 [Accessed 10th November 2008]

Beard, H., 2008. Cloud Computing Best Practices for Managing and Measuring Processes for On -Demand Computing, Applications and Data Centers in the Cloud with SLA’s. Amazon.com: Emereo.

Cisco Systems, 2008. Securing the Data Center. [E-book]. Available at: http://www.cisco.com/en/US/solutions/ns340/ns517/ns224/ns376/overview_securing_the_data_center.pdf [Accessed 8th November 2008]

Foley, M., J., 2008. Microsoft 2.0: How Microsoft Plans to Stay Relevant in the Post-Gates Era. Indianapolis: Wiley.

Harris, R., 2008. StorageMojo » Building a 1.8 exabyte data center. [Online]. Available at: http://storagemojo.com/2008/10/12/building-a-18-exabyte-data-cente [Accessed 9th November 2008]

IsecT Ltd., 2004. NoticeBored technical briefing: securing physical access and environmental services for datacenters. [E-book] Available at: http://www.noticebored.com/NB_tech_briefing_on_datacenter_security_SAMPLE.pdf [Accessed 9th November 2008]

IT Business Edge, 2006. What Communications Retention Will Mean to ISPs. [Online]. Available at: http://www.itbusinessedge.com/item/?ci=17461 [Accessed 7th November 2008]

Krigsman, M., 2008. Don’t trust Google with your data | IT Project Failures | ZDNet.com . [Online] Available at: http://blogs.zdnet.com/projectfailures/?p=958

[Accessed 10th November 2008]

Kurt, G., kurt.glenn@css.one.microsoft.com, 2008. RE: SRX1083937461ID - Windows Live SkyDrive. [E-mail]. Message to Z. Whittaker. Sent 7 November 2008, 13:06.

Available at: http://blogs.zdnet.com/igeneration/images/skydrive-email.htm [Accessed 8th November 2008]

LaMonica, M., 2008. Amazon storage 'cloud' service goes dark, ruffles Web 2.0 feathers | Webware - CNET. [Online] Available at: http://news.cnet.com/8301-17939_109-9873068-2.html [Accessed 10th November 2008]

Lowensohn, J., 2008. Google Docs goes down, user data does not [Updated] | Webware - CNET. [Online] Available at: http://news.cnet.com/8301-17939_109-9985608-2.html [Accessed 8th November 2008]

Modine, A., 2008. Web startups crumble under Amazon S3 outage - The Register. [Online] Available at: http://www.theregister.co.uk/2008/02/15/amazon_s3_outage_feb_2008 [Accessed 10th November 2008]

Needleman, R., 2008. Gmail is down, Twitter sizzling with the news | Webware - CNET. [Online] Available at: http://news.cnet.com/8301-17939_109-10014389-2.html

[Accessed 6th November 2008]

Pandella LLC., 2007. About Pandela Team and Project. [Electronic print]

Available at: http://www.pandela.com/about_us.html [Accessed 9th November 2008]

Perlow, J., 2008. Preparing for a Flickr Apocalypse (Updated, with Yahoo response) | Tech Broiler | ZDNet. [Online].

Available at: http://blogs.zdnet.com/perlow/?p=9316 [Accessed 8th November 2008]

Zack Whittaker What possible computer disasters can be associated with "cloud computing"?

http://blogs.zdnet.com/igeneration Page 7 of 7

Security Focus, 2008. Rogue admin blocks San Francisco network. [Online] Available at: http://www.securityfocus.com/brief/776 [Accessed 8th November 2008]

Thompson, B., 2008. BBC NEWS | Technology | Storm warning for cloud computing. [Online] Available at: http://news.bbc.co.uk/1/hi/technology/7421099.stm [Accessed 7th November 2008]

Togio, J., W., 2002. Disaster Recovery Planning: Preparing for the Unthinkable. 3rd ed. New York: Prentice Hall.

Wainewright, P., 2008. Back up your online data. Now. | Software as Services | ZDNet.com. [Online] Available at: http://blogs.zdnet.com/saas/?p=607 [Accessed 10th November 2008]

Wainewright, P., 2008. When Google disowns you | Software as Services | ZDNet.com. [Online] Available at: http://blogs.zdnet.com/saas/?p=575 [Accessed 11th November 2008]

Weiss, A., 2007. Computing in the clouds, netWorker, 11(4), pp. 16-25

Whittaker, Z., 2008. Egnyte: using and sustaining Enterprise 2.0 | Enterprise Alley | ZDNet. [Online]. Available at: http://blogs.zdnet.com/enterprisealley/?p=289 [Accessed 6th November 2008]

Whittaker, Z., 2008. Explaining the buzzwords which students will need to know| iGeneration | ZDNet. [Online]. Available at: http://blogs.zdnet.com/igeneration/?p=576 [Accessed 9th November 2008]