Cloud of vapor?
Vladimir Yakovlev, CISSP
Published Author | CISO | CTO | Cybersecurity and Infrastructure Solutions Architect
The story of yet another cloud services meltdown is yet again in the news. This time it is Azure and, while it started in a single region, it is now affecting some of the global services:
https://www.theregister.co.uk/2018/09/04/thunderstruck_azure_backout/
For all the undeniable benefits that cloud services do provide, the problem, as I see it, is in the very nature of automation at scale, as well as in our inability, as cloud customers, to effect necessary changes once disaster strikes.
Of course, arguments could be made for multi-cloud implementations with third-party cloud brokers, but I am not buying those. We are not aware of all the dependencies these services carry. A case in point is the 2016 Dyn cyberattack, which affected broad swathes of cloud-based services.
We do not control, and frequently are not aware of, whose services your IaaS or SaaS is using and relying on to run their infrastructure. Furthermore, if they change these or establish new dependencies, we are not likely to be notified.
So the real picture of the critical paths may differ widely from the one we have relied on for our design, implementation and operations.
I know that we do not and cannot control everything. Even in conventional infrastructures, we have to rely on ISPs, CAs, global DNS infrastructure, registrars, etc., but we used to be able to keep the internal systems working, if not in primary, then in DR locations. We used to rely on the P2P links with our peers for critical communications. This provided a degree of resiliency and self-sufficiency that is rapidly diminishing in the age of IaaS, PaaS, SaaS and SD-WAN.
The Internet, with all of its problems, used to offer an unprecedented degree of connectivity between widely different networks, whereas now it is drifting inexorably towards an InterCloud model.
The greater the concentration of resources, the likelier it is that the next vendor-specific issue will affect a disproportionately large chunk of global services.
Perhaps we should consider building conventional datacenters as DR solutions to the cloud-based services.
Much like keeping printed books in archives in addition to their much more convenient digital copies.
Take this post as either a rant or rumination.
I'm interested in your take on this subject.
CEO | Quema | Building scalable and secure IT infrastructures and allocating dedicated IT engineers from our team
2 years ago
Vladimir, thanks for sharing!
Program Coordinator at Western Continuing Studies
5 years ago
Even from just a personal standpoint, I'm still weary of putting things in the Cloud and not having them backed up or printed off just in case they get lost. It hasn't happened yet (knock on wood!), but even losing some memories would be pretty devastating.