Saturday, April 4, 2009

The Cloud - A New Provider Failure Mode

I certainly would not have thought of this failure mode. A law enforcement agency raids a datacenter and grabs the hardware that your provider uses to host your business-critical application.

The FBI has seized all equipment belonging to our customers. Many customers went to the data center to try and retrieve their equipment, but were threatened with arrest.

Let’s assume that some customer in a cloud or co-lo is doing something bad. The law enforcement agency doesn’t understand clouds, virtualization, VMotion, or hypervisors. They understand computers. Which one is it? Who knows. Grab them all.

I’m not clear on the details of what happened in this particular event. It’s possible that the provider was a legitimate target of law enforcement. From the point of view of someone who has a critical application tied up in the mess, the details are not as important as the concept. If someone, somewhere in the same co-lo or cloud as you, commits some crime, what will law enforcement do, and how will you protect yourself against heavy, ham-handed agents and judges that don’t understand technology?

I’m thinking that we need to add a couple more questions to the cloud/co-lo RFP & vendor qualification forms:

  1. Does your security staff include former law enforcement, and if so, do they still socialize with current law enforcement agents?
  2. How many full-time lawyers do you employ?

Question #1 gets you fair warning of the impending raid, and #2 gets your servers back after the raid.

In the meantime, you presumably have recovered your operations at some other co-lo, in some other cloud.

2 comments:

  1. #1 - Many LE seizures are under court seal, so that doesn't necessarily cover.

    #2 - LE seizures almost always result in return of assets unless other circumstances come into play, but you might be able to make it faster.

  2. I don't think a court seal necessarily stops data leakage amongst the close fraternity of law enforcement officers.

    Having said that, the action items were somewhat tongue in cheek. The key is that if one values availability, one must assume that the provider can disappear with no notice, and one must plan accordingly.
