Perens "Says" Fear the Cloud
22 April 2009
Bruce Perens has an interesting article up about an apparent attack on a smallish town called Morgan Hill's modern infrastructure. Coordinated attackers cut the communication lines, cutting out phones, cell phones, internet, security alarms, et cetera, all at once. It's a somewhat frightening tale of just how vulnerable our civilization is to a deliberate and semi-sophisticated attack.
This should lead managers of critical services to reconsider their dependence on software-as-a-service rather than local servers. Having your email live at Google means you don't have to manage it, but you can count on it being unavailable if your facility loses its internet connection. The same is true for any web service. And that's not acceptable if you work at a hospital or other emergency services provider, and really shouldn't be accepted at any company that expects to provide services during an infrastructure failure. Email from others in your office should continue to operate.
What to do? Local infrastructure is the key. The services that you depend on, all critical web applications and email, should be based at your site. They need to be able to operate without access to databases elsewhere, and to resynchronize with the rest of your operation when the network comes back up. This takes professional IT engineering to implement, and will cost more to manage, but won't leave you sitting on your hands in an emergency.
I think this is all true, and people should continue to be worried about the cloud, and what happens when the service (or the network) becomes unavailable. You don't want to be dependent on outside services for things that are important to you or your company.
As a matter of fact, yes, I am aware of the irony of someone posting an article like this by writing it in Gmail, sending it to Posterous, having it stored at Dreamhost, and ending up at Friendfeed. And a Twitter notification will go out announcing the post! I don't care. I still don't trust the cloud.
And hopefully nobody who hears about this decides to use the knowledge maliciously. Because I'd be really annoyed if someone cut out my internet for a few days.