The Cloud And The Clouded Truth

Azure Outage Proves Once Again: The Cloud Is Well Named, No Blue Skies Ahead

This time it is Microsoft, not Amazon, embarrassed by a major European cloud outage tied to servers in Ireland (and Belgium).  As noted by Information Week, the multi-hour ‘glitch’  comes on top of Microsoft’s outage on February 29 when software had not been properly cued for Leap Year.  These are fundamental foreseeable lapses not mere risk.  Sure this was just two and a half hours, but which critical processes, functions and communications can you lose for an unforeseeable two and a half hours?  It’s 10 pm; do you know where your data are?

The Cloud And The Clouded Truth:
If you think that collaboration increases productivity and that the cloud enables unprecedented collaboration, you need to know not only what collaboration is and how it works, but what the cloud is and how it actually works.  Or doesn’t.

While enabling speed,  flexibility, and adaptability in the way businesses utilize computer resources, the cloud has yet to transform productivity  or even cut users’ costs significantly, as Information Week recently noted in  the results of its Global CIO survey.   The cloud has more than likely not reduced your costs.  Meanwhile, thanks to the incompetence and insouciance of cloud operators, you are nonetheless vulnerable daily to cloud catastrophes.  These catastrophes can eat your productivity alive.  And undeniable catastrophes have indeed plagued the cloud, from the Google hackability of the cloud to the lightning strike which brought down Amazon’s Eire facility and with it Amazon’s Eurozone cloud services, even for days.  Considering the devastating consequences of these vulnerabilities, both security and reliability have begun to gain some traction, but is mere traction enough?

Unbelievably, the security concerns have migrated to a debate over whose responsibility cloud security really is: a majority of cloud providers told Computer Associates and the Ponemon Institute in a recent survey that their companies did not think cloud security offered any competitive advantage and they thus didn’t even see cloud security as their responsibility.  Not only did the majority of cloud providers allocate 10% or less of their operational resources to security; they often didn’t even bother to evaluate the system for threats. To them, security was their customers’ responsibility.  Not surprisingly, these cloud companies did not think that their customers’ data was secure.   Worse, seeing themselves as low cost providers (without the low cost), they didn’t care.

Similarly, a recent Fraunhofer Institute study revealed that none of the cloud providers it tested satisfied all of its security requirements, so that the Fraunhofer researchers were able to access sensitive data entrusted to the cloud.  The sensitive data was personal,  never intended for public, or prying, eyes.   You take collaboration seriously, but when your data flows to the Web, you hand it to companies where historically nobody cares, and nobody bothers.

The cloud provides worse than false efficiencies if your entrusted data are vulnerable to theft; and loss of service, bluntly, shuts down productivity.   The willfully or carelessly unsecured, unreliable cloud threatens you not with the law of diminishing returns but with negative returns, and worse.  The cloud threatens you with pervasive and permanent loss of productivity, reputation, and, of course, money.

Beware too the private cloud in a day when buggy software is casually tolerated: seeming security may not be at all secure.  Vulnerabilities may not just render your  internal and external collaboration insecure but place unshared data at risk across your enterprises.  So too the cloud you perceive as private may actually be enabled by a public cloud.  Worst, other people’s definitions of “secure” can be rather tortured, as with the owner who asserted the safety of his cloud for all his subscribers as he could “see everything everyone is doing on the platform.”

And that simplest of faults, operator error, may not just open vulnerabilities but shut your entire enterprise down, as when one company’s employee in Europe changed a setting and brought down the company’s entire U.S. cloud.  Productivity quickly approached zero for the duration of the outage.  That company was lucky that the error was traceable.]

Cloud Control Center
There is some hope: The Fraunhofer Institute has developed a global monitoring system to assess the security of commercial cloud services and address the issues its study identified. Fraunhofer has also developed a product it calls “OmniCloudsoftware” to encrypt backed-up date before delivery to the cloud; the software integrates with multiple cloud providers and their different programming interfaces.

© 2012 Sigrid Caroline Schroder. All Rights Reserved.