It’s good to know that most of Amazon’s backup power generators were working at the end of last week as some seriously bad weather hit the most internet-infested part of the planet, aka the DC area. But it is far from good enough. If we are to succeed in shifting data storage to the Cloud, with the vast benefits that many believe will flow, we need to have security-conscious grown-ups making resilience decisions. Else all we are doing is continuing the trend of porting our most valuable data assets into increasingly insecure locations.
Some months back I was invited to visit the Network Operating Center of one of our major corporations, located in Northern Virginia, and got a taste of what it takes to ensure resiliency. They have two separate power access points; an oil-fired generator that is constantly run in readiness; and a huge battery backup. And aside from redundant server capacity on site, they have two more complete operations in another state. Any one of them can be switched in seconds. They have never been down for more than a few.
Cloud suppliers need as a minimum to offer this kind of redundancy to ensure resilience, and to game “two-war” situations in which a major hack attack comes at the same time as a natural disaster (weather, earthquake) or the outbreak of an infectious disease that takes out many of their personnel. Seems to me that unless standards are that rigorous, neither commercial nor government agencies are going to entrust their data, and the Cloud will continue to be – as it is now – on the fringe of data storage and management.
The experience of the past few days raises other issues of resiliency. It is astonishing that the area where the most powerful people in the world reside can’t get its power utility to bury its cables (Europeans are routinely shocked to discover U.S. practice, which is defensible in scattered rural and semi-rural areas, but reeks of the Third World in suburban centers).
And all that before we start talking about the prospect of an EMP (electro-magnetic pulse), which could essentially reproduce the results of the weekend storm right up the East coast and take a year to fix. But I hear a movie is in the works about the Carrington Event, the mid-19th century EMP that melted telegraph wires. Perhaps that will wake up legislators, regulators, and utilities. And consumers.
- Cloud Redundancy: How Amazon Should Repair Credibility (broadbandconvergent.com)
- Thoughts on the AWS outage: making the cloud more resilient to failure (cloudflare.com)