There have been some high profile cloud failures in the past two years. Rackspace, Microsoft, Google and Amazon have all seen complete service outages for some of their customers, taking down major web sites. Google and Twitter have seen security breaches in their cloud space during the same time, and those are just the breaches we’ve heard about. There have been additional cautionary tales relating to security in the cloud from companies like Dropbox.
Amazon’s outage was rooted in connectivity issues that impacted database services used to manage a cloud database. The outage lasted 11 hours and caused two major web sites to have problems loading their homepages for several hours.
Rackspace had a power outage in the Dallas data center that was not resolved for part of the day, leaving customers unable to connect to some of their servers. Rackspace had to work on their power infrastructure to ensure the issue didn’t reoccur. It was the second power related outage for the same data center, so there’s no certainty that they’ve corrected the issue.
Microsoft has had two outages, one in 2009 relating to its hosted SharePoint and Exchange services and another more recent outage with just hosted Exchange. The first outage was due to a network upgrade that had unforeseen circumstances causing a two-hour outage for customers. The more recent outage was more systematic, having the email servers finally go down after two weeks of continually degrading connectivity and speed. Email is a particularly critical business application; the outage was amplified in IT’s view by the fact that it was email, which is highly visible and used by everyone in the company.
Google outage was of its own cloud service, the Blogger web site. A routine maintenance patch took the service out of commission for nearly 48 hours. It is a free service, but so are the Gmail and Google Docs services being touted by Google as the way to get to the cloud. Those cloud hosting servers are just as vulnerable to the same kind of maintenance related outage as the Blogger web site.
Having your web site, applications, or corporate data on a cloud hosting server has its share of dangers. As shown by the high profile outages, you could be at a work stoppage or serious loss of revenue during an outage. The outage can be human error like a maintenance upgrade gone terribly wrong. The outage can be due to system problems, like the extended degradation leading to failure that took out Microsoft’s cloud hosted email services. A lack of proper planning or weakness in the physical infrastructure of the data center can lead to an outage, like the one that affected Rackspace twice at the same facility.
To combat this unpredictability, companies need to think ahead and plan for failure of a cloud service to stay in business. The data or cloud component the customer has on a cloud provider’s site should have some kind of redundancy built-in with another cloud provider to ensure optimal up time. The companies that experience a complete outage due to the cloud provider’s outage had only themselves to blame. Cloud providers tell their customers to have a contingency plan in case of a temporary Newsrooms outage of the cloud services. Although, in the instance of Microsoft’s hosted email and data services, there really isn’t a redundant system available, leading some recent advocates of Microsoft’s BPOS to back off and start migrating those business crucial services back in-house.
Google has had two breaches in its cloud security platform. The first breach was of Gaia, which is the shared security system that controls the Single Sign On service. Cracking this system allows you not just to get to Gmail, but also to any of the other hosted services for that login, including Google Docs where that user stores data. This major breach is one of the things endangering Google’s push to have federal government entities adopt Google’s cloud services.
Google’s also had a security breach in its cloud services for Twitter. This vector of attack came from hacking the Gmail account of the Twitter president’s wife and getting account login information that allowed the hacker to breach Google Apps where the hacker was able to access a lot of Twitter’s company data. While this breach had more to do with weak passwords, the issue is a lightning rod for groups opposed to a major award for Google to get the City of Los Angeles to migrate their email and office applications to Google’s cloud services.
Dropbox came under fire recently for its security policies. Customers thought Dropbox did not have copies of the encryption keys used to encrypt customer data, when in fact they do have backup copies and will use them if the Federal Government comes knocking with a search warrant for the customer’s data.