Locking Down Your Cloud?
November 24th, 2008 under Virtual Networking, Amazon, x86 Virtualization, Intel, Virtualization, Enterprise Computing. [ Comments: 1 ]

How important is your data? What would happen if it got into the wrong hands? Do you think you could recover quickly if it all vanished?

Now ask yourself, how secure is your cloud? Does your HR department know you have outsourced the number crunching for payroll to a few hourly temps (cloud systems) and that their payroll isn’t being done by the black boxes they walk by every day on their way to lunch?

These are just some of the questions I have been pondering this past weekend. I ended my weekend of RSS reading on this article, “Cloud Providers Are Better At Securing Your Data Than You Are…”, and it made me realize I needed to write this post.

There is no aspect of your business, large or small, which can’t be outsourced, rented, leased, or temped. Everything from the security guard sleeping at the desk to the cafeteria worker slopping food onto a plate. Now with cloud computing, even your number crunching can be exported.

But how safe is this exporting of cloud computing? With the recent increase of pirates in the Indian Ocean taking over oil tankers, how long until smarter pirates take down the connections to a major data center? Imagine this, 4 or 5 people get together and each have an accidental crash, all within a few minutes in 1 downtown area, for example: 9725 Datapoint Dr., San Antonio, TX 78229 United States. It would be possible to cut the power and telecommunications to a single data center, with just a few minor fender benders.

Now take it further, what if that happened at a half dozen data centers? Pretty soon you end up with the results of the great NYC blackout, the demand on the backup systems is so great they go down too. Pretty soon a major corporation is knocked offline, because they outsourced their computer to a single cloud. For a few hundred dollars in speeding ticket fines, it might be possible for these individuals to do millions in damages in a matter of seconds. These data centers may have microwave uplinks and backup generators, but with some minor sabotage it is very possible that they happen to be offline due to a few cups of sugar in a gas tank or some missing parts in a microwave transceiver.

Now with all that said, I also spent some time this weekend trying out Amazon’s S3 Web Service. I have used it before, but never found a client that was easy enough to use until now. I’m running Cyberduck for file transfers on my MacBook Pro, and have been very happy with it overall. I was creating a new connection when I noticed the option to create an Amazon S3 connection. So I did, and have uploaded about 28 MB of data. Just the documents in my document folder for now. The transfer speed was acceptable and the price is very good. I’m going to be doing a lot more before I head home for the holidays. In case anything happens in transit or while home I will have 100% backup of all files so I could reload the laptop and reload the whole system in a matter of hours.

Now the question: was I worried about the files I have uploaded? No. There is no personal data, beyond some Photoshop images and PHP files, all of which are on my websites if anyone really wanted to download them. When I do the complete backup, I will be using some method of encryption. I don’t expect someone to spend the time downloading a few-gig encrypted folder and waste the CPU cycles trying to decrypt it, but it is good peace of mind in case something happens where they do gain access to the bucket.

Perhaps the weakest point of the whole S3 system is Amazon’s own password scheme. It allows for very weak passwords, and I’m sure that with some good social engineering you could probably get them to reset it to a new e-mail address, claiming the old address was changed due to a corporate e-mail policy change. Take any company, buy the domain mail-corportationname.com, and probably get any phone support person to believe you are in fact working for that corporation. If needed do some fake letterhead, get a fax number in the same town / phone exchange, and pretty soon you could be the head of the smallest branch office of that corporation. It must happen pretty often; Amazon even has a page for people whose email has changed since the last order.

So, how secure is your cloud? Using the same techniques used to compromise domain names and have them transferred, it would be possible to recover Amazon passwords and log in and download complete S3 collections, start and stop clouds, and manage any other Amazon web service.

So to answer the question, the answer is… it ain’t. So deal with it.

You can argue stuff about keys, restricted IPs, encryption, secure methods. But if someone can log in to the management portal because of a compromised password it ain’t secure. Once they are in the management console, they can start and stop servers, cancel services, reset restrictions and possibly even lock you out of your own account.

Discovered on: DABCC


The Secret of Virtualization
November 24th, 2008 under Certification, DIY Plans, x86 Virtualization, Intel, VMWare, Enterprise Computing, News. [ Comments: none ]

For anyone out there who hasn’t seen The Secret, go get it now (link to Amazon). Here is a link to the first 20 minutes on YouTube. It will change your life. For those who have, you will really enjoy the parody done for this virtualization training video. The training video draws you in with the same high-action, high-drama music and effects, making you want to sit there and watch every moment of it. Both are very well done and both are worth the viewing time.

Here is a quick description of the DVD, which is available for purchase from http://www.eliaskhnaser.com/:

Server consolidation, efficient and fast disaster recovery, cost savings, high availability and fast virtual server deployments are just some of the things you can accomplish with VMware Infrastructure 3. ESX 3.5 is the most powerful virtualization software on the market today and in this training CBT, Eli Khnaser will guide you through the planning, deployment and administration of your virtual infrastructure.

VMware is one of the fastest growing companies today and its virtualization software is the hottest technology in the computer world today, so if you are trying to advance your career and need the next hot thing, ESX Server is that technology that will give you the edge you need to get ahead.

For those of you that are seeking certification, you are still required to attend the VMware class as that is a mandatory step in achieving your certification. You can use our CBT to reinforce what you learned. If you are trying to learn VMware Infrastructure 3 because of a job requirement, this CBT gives you practical, hands on training from someone who does it on a day to day basis and has implemented some large ESX deployments.


Virtualization Jokes: Proof nerds can be funny
November 10th, 2008 under x86 Virtualization, Event, Open Source, Intel, Google.com, Desktop Computing, Enterprise Computing, Virtualization, VMWare. [ Comments: 2 ]

After reading an article on VSM with a really unusual title, “That’s a funny looking cow, I mean chicken, I mean cow”, which tries to take some old joke that had to be explained to be funny and turn it into an opener for the article, I realized I needed to write about all the virtualization jokes which are floating around the internet.

Sadly there aren’t many yet (maybe that’s a good thing). I did a roundup of virtualization comics a few months ago and was surprised at the number I found. But for actual jokes, there don’t seem to be any good ones.

This is the only one I found, and I sadly think it is a stretch to call it funny:

Three hypervisors walk into a bar.


Top Secret Software, Which I can’t even blog about!!
November 6th, 2008 under x86 Virtualization, Virtualization, Desktop Computing, Parallels. [ Comments: none ]

Confidentiality Agreement

IMPORTANT: Please review the confidentiality agreement below before downloading any Parallels software technologies.

You agree that, unless otherwise specifically provided herein or agreed by Parallels in writing, the Software and the Documentation, including the specific design and structure of individual programs and the Software, provided to you by Parallels constitute confidential proprietary information of Parallels. You shall permit only authorized users, who possess rightfully obtained license keys, to use the Software or to view the Documentation.

You agree not to transfer, copy, disclose, provide or otherwise make available such confidential information in any form to any third party without the prior written consent of Parallels. Examples of these include but are not limited to discussing Parallels Desktop Beta to the media, or in any personal and professional weblogs, discussion boards/forums and email.

You agree to implement reasonable security measures to protect such confidential information, but without limitation to the foregoing, shall use best efforts to maintain the security of the Software provided to you by Parallels. You will use your best efforts to cooperate with and assist Parallels in identifying and preventing any unauthorized use, copying, or disclosure of the Software, Documentation, or any portion thereof.