Weathering the Cloud

May 17, 2011

Hidden in one of the weekly newsletters I subscribe to this week was a gem called Amazon Cloud Outage: 10 Lessons Learned. It has been widely reported that Amazon experienced outages and interruptions of its Elastic Compute Cloud (EC2) services in the U.S. East Coast region on April 21. Later, Amazon published this rather complicated document explaining what went wrong.  But more important than understanding the cause of the outage is applying some thinking to what we can all learn from this and how we could all be affected by our choices in regards to cloud. Written (incredibly well) by the folks at CRN, the “10 lessons learned” list looks something like this:

  1. The Cloud Will Go Out – outages are inevitable and a complete cloud strategy must take this into account
  2. Disaster Recovery, Failover Strategies Are Necessary
  3. Pay Attention To SLAs – organizations need to evaluate what their tolerances are for each service or system being migrated to the cloud and secure the appropriate SLA’s.
  4. Partner With An Expert – support from a trusted advisor is key
  5. Don’t Put ‘Blind Trust’ In The Cloud
  6. Beware Cloud Charlatans – competitors will look for ways to capitalize on this outage, but companies shouldn’t be looking for a “quick fix” promise
  7. Cloud Management, Maintenance Are Still Required
  8. Amazon’s Outage Will Make The Cloud Stronger
  9. Assume Nothing – don’t assume resiliency, backup, disaster recovery and other services are offered by cloud providers
  10. Transparency, Communication Are A Must – cloud providers’ reputations will be based on how they communicate with their customers – before, during, and after an outage

Hot on the heels of that article was the keynote address by EMC CEO Joe Tucci at this past week’s EMC World. In this recap by, Tucci is quoted as saying, cloud is the “biggest and most disruptive change” the IT industry has ever seen. He went on to tell the audience, “Addressing today’s issues will require more efficiency, choice, and control of companies’ IT infrastructure. And what addresses these pain points? It’s the cloud. And more specifically, the answer is the hybrid cloud.”

There’s no doubt that cloud is gathering momentum. But with a solid strategy and strong partnerships, you can leverage the power of cloud and still weather potential storms.


Could Your Network Security Fend Off Attack?

May 10, 2011

On April 26th, Sony disclosed an “external intrusion” on its systems between April 17 and 19 that affected its PlayStation Network and compromised credit card data, email addresses and other personal information from 77 million user accounts. On May 2nd, Sony said personal information — but not financial details — from an additional 24.6 million online gaming accounts also may have been stolen. Now it appears that Sony may have thwarted a third attack this past weekend.

The Washington Post writes that CNET posted advance warning of a third attack planned by the same hacker group. By monitoring an Internet Relay Chat channel the group uses, an informant was able to tip CNET to the possibility, and Sony used this information to ward off the planned 3rd attack.

The failure of Sony’s server security has ignited investigations by the FBI, the Department of Justice, Congress, and the New York State Attorney General, a well as data security and privacy authorities in the U.K., Canada, and Taiwan. In this Huffington Post article, a Sony executive is quoted as saying the data breach that hit Sony’s PlayStation Network resulted from a “very carefully planned, very professional, highly sophisticated criminal cyber-attack designed to steal personal and credit card information for illegal purposes.”

Sony originally expected some of its services to be restored last week but has now pushed back that deadline to an unspecified date. Bloomberg reported that although Sony missed its initial deadline to restore some services, it still plans to have the full network restored by May 31.

With so much mainstream news coverage in print, online, and on the TV, network security has leapt to the top of most IT Directors’ minds. With an obligation to protect customers’ proprietary data coupled with the need to protect the company’s own data and intellectual property, security has never been more important. Add the need to allow mobile and remote access for customers, business partners and employees, and the scope of the issue increases exponentially. Bottom line – NOW is the time to evaluate and tighten your organization’s data protection policies.

%d bloggers like this: