Web 2.0 Blog – Discovering Innovation Opportunities using Social Media

Could large scale cloud computing become a economic security risk?

Posted on: March 15, 2009

At lunch Friday, I jokingly asked the question, what would be the economic impact of google mail going down be?

But after thinking a lot about cloud computer and semantics this weekend, I started to wonder if that is a serious issue.  Someone at the table did mention that google mail did go down for 2 hours recently.

In the next 5 years or so in the commercial side as well as federal, there will be a massive shift from single server to cloud computing as well as an increasing reliance on everything being always up because of the interwoven nature of the semantic web.  Websites and webservers will no longer be individual and isolated but exist on the ‘cloud’ or rely on it in one way or another.

By definition the cloud is supposed to be more reliable and more redundant than a single server. But is it more reliable and redundant than millions of individual servers?

I don’t pretend to understand cloud architecture, but I did note that Vivek Kundra a few months ago, said that any data with a national security requirement, would not exist on the new federal cloud.  So what are the implications for  massive civilian clouds from Google, Amazon and Microsoft that business email, websites and data services would rely on?

So if most commercial data will be on the growing commercial civilian clouds, doesn’t the economic impact of large outages, start to pose in itself a national economic security risk?  Especially if an outage could include data loss?

Of  course the temptation is to say the companies themselves will make sure that doesn’t happen because they have such a large financial stake in reliability. That seems reasonable.  After all look how well that approach worked in banking.

Advertisements

3 Responses to "Could large scale cloud computing become a economic security risk?"

[…] Could large scale cloud computing become a national security risk? – Web 2.0 Blog […]

At present, Federal IT risk management is defined by FISMA, and that plus OMB guidance [08-21] requires that outsourced service providers provide *identical* security controls to an internal IT system. These controls are described in NIST 800-53, and vary based on the risk impact level of the system. At Low impact level, there’s incident agency impact from unavailability, tampering, or disclosure, up to High Impact level which could result in major agency. So, the theory is that anyone using clouds for Federal data/applications is doing such a risk assessment, and then getting documentation from their service provider of all the protections that in place to avoid any impacts.

All of this subject to change, of course, since new administration could bring new guidance regarding due diligence requirements when outsourcing to the cloud.

/John
Response: Thanks John. I just now tried to clarify the post. I quote Vivek on a concern he seemed to have for the federal cloud, but the security risk I am asking about is an economic one when businesses are relyoing on the commercial clouds from Amazon and google.

With respect to business dependency on clouds and resulting economic risk, this is very similar to the existing economic risk that already exists with due to increasing Internet use for consumer and inter-business commerce. We don’t worry generally about this dependency, or the dependency on the electric power grid, but that’s because there’s decades of experience providing extremely high availability services. One presumes that cloud computing providers will need to reach the same level of reliability very quickly…

/John

p.s. There is no “federal cloud” today, and hence the movement of non-national security federal systems [i.e. unclassified] to the cloud is also a dependency today on those very same commercial infrastructures… ergo, if a major commercial cloud failure occurred today, the businesses that were impacted might find various state & federal relief services offline at the same time.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: