Some recent, high-profile security-related events are adding another wrinkle of complexity for those who are trusting the cloud for their data storage and content delivery: who your neighbors are, and what they might be doing.
On June 21, the FBI raided a Reston, Virginia based server farm for Swiss hosting provider Digital One. While the agency isn’t commenting, the speculation is that they were looking for data related to a single hacker group – LulzSec – responsible for recent numberous high-profile security breaches waged against Sony Corporation and several law enforcement agencies.
Unfortunately, that raid entailed the physical removal of multiple pieces of server hardware that, among other things, served as the virtual, cloud-based home for dozens of other websites. Most of these affected parties are presumed to be legitimate customers that were storing data or serving web content… conducting real business that wasn’t running afoul of any laws.
As a result, several high profile corporate content developers, including Instapaper, Curbed Network, and Digital One’s own website and support system, were either suffering degraded service or were taken completely offline for more than a day. Without a backup, the data could have been lost indefinitely while the FBI conducts whatever investigation on whatever client captured their interest.
The ramifications of this event are clear: Cloud services are shared services. One of the big advantages of the Cloud is the notion that multiple entities can share the same large datacenter and resources without necessarily having to buy it all themselves. Unfortunately, it’s rare in a public Cloud setting that you are allowed to choose who you’re sharing your resources with. Often, this isn’t a big deal, but if your “neighbor” happens to be attracting a lot of attention (from hackers or law enforcement agencies), then your data and operations may also be affected as a result.
This is yet another reason to consider having a backup plan, and not totally entrusting all of your data to a single Cloud vendor.