Terabytes Missing From The National Archives: Would the Cloud Be Safer?
Cloud computing might strike fear in the hearts of some, but at least your employees can't walk off with your hard drives. Since May, the National Archives and Records Administration has offered a $50,000 reward for a missing Clinton-era hard drive.
As of Sunday, it's been revealed that thousands of electronic devices containing sensitive and historically important data are missing from the nation's most important public repository. While IT tends to have a knee-jerk reaction in favor of traditional data centers, the situation at the National Archives shows the sense of false security they impart.
The Back Story
In May of this year, the National Archives issued a press release that admitted an external hard drive with two terabytes of data had gone missing. Within days of the disappearance, the agency was offering $50,000 dollars for its return.Months later the money is unclaimed and the hard drive is still missing. Now, a criminal investigation by the inspector general of the Archives has revealed that thousands of electronic storage devices have been lost or stolen. From external hard drives to entire servers, exactly how many devices and how much data has been compromised is unknown.
Conclusion: It's Hard to Steal A Cloud
What is clear is that if the most important archival system in the country can't protect its data centers, it's likely that the enterprise is going to have problems too. The similarities between enterprise data management and the agency run deep. With facilities in 20 states, the National Archives deal with the entire spectrum of nightmare situations when it comes to data security.What if, instead of a chaotic jumble of devices and data centers, the Archives simply put everything in the cloud? True, it would be vulnerable in many ways. But they'd be different ways than what plagues them now. It's hard to steal the server holding someone's social security number when you have no real idea where it is.
At this point, it might be ludicrous for anyone to put their most sensitve data in the cloud as a security measure. But the dire straits at the National Archives should stand as a warning for those who think traditional data security measures are without vulnerability.
Facebook
Sponsored by
-
Cloud Computing in Plain English
November 12, 2009 / 15 Comments -
Is the Relational Database Doomed?
February 12, 2009 / 113 Comments -
Let's Move Away From Social Media and Get Down to Business
November 13, 2009 / 10 Comments -
Google Executive Says Companies Can Get Rid of Microsoft Office...Next Year
November 13, 2009 / 14 Comments -
Rackspace Says it's Closing the Gap with Amazon
November 14, 2009 / 5 Comments
-
Let's Move Away From Social Media and Get Down to Business
November 13, 2009 / 10 Comments -
Google Executive Says Companies Can Get Rid of Microsoft Office...Next Year
November 13, 2009 / 14 Comments -
Terabytes Missing From The National Archives: Would the Cloud Be Safer?
July 6, 2009 / 16 Comments -
Rackspace Says it's Closing the Gap with Amazon
November 14, 2009 / 5 Comments -
CubeTree: Drilling Comments Down to the Cell in a Spreadsheet
November 4, 2009 / 4 Comments
Comments
Subscribe to comments for this post OR Subscribe to comments for all ReadWriteEnterprise posts
In NARA's defense: the people at the National Archives **are** working on the national level data management problem and have been for years. But like all questions of long-term importance, esp. the preservation of digital data for the indefinite long term, figuring out the best solution takes time. Assuming that preservation includes some kind of replication, once the data is preserved, missing drives and other material will be an issue "only" of security, not also of data loss.
See: http://tinyurl.com/m5ehnd
"The National Archives and Records Administration (NARA) Transcontinental Persistent Archive Prototype (TPAP) is a data preservation environment using the Storage Resource Broker (SRB) and “/i/ Rule Oriented Data Systems” (iRODS) data grid technology to develop, implement, and test a seamless, nationwide data management infrastructure."
E.g., the people at NARA have been examining using "the cloud", and a secure cloud at that; this project has been going on for a few years. Unfortunately, certain items have managed to grow legs and walk...or, perhaps, been misplaced or miscataloged in the first place, just as they would in any environment.
I hate articles like this -- it's like the marketing department went outta control...
The cloud IS NOT a real cloud. It will to some extent, be a form of data center. To echo J. Ward, sure data could still be stolen, but at least not lost.
So no, you can steal from a cloud. Let's not pretend the cloud is a panaceas when poor planning and administration are the culprits.
The cloud solves no actual security problems, and instead just creates a load more. The cloud is nothing more or less than a collection of data centres. The difference being they are data centres that belong to someone else, so you have no actual control over them.
I have tried, and I can't find a single coherent point in this entire article, just some gigantic gaffs:
"Cloud computing might strike fear in the hearts of some, but at least your employees can't walk off with your hard drives."
Indeed, YOUR employee can't walk off with your hard drive, SOME ONE ELSES EMPLOYEE can! Which is far worse, because you don't have any say in their hiring.
"What if, instead of a chaotic jumble of devices and data centers, the Archives simply put everything in the cloud?"
What precisely do you think the cloud is? Do you think it's magic of some sort? The cloud is just a collection of traditional data centres with a fancy PR makeover. A new name for old tech.
I could go on, but I think I've made my point.
What if the employee whips out a credit card buys some unlimited storage via Amazon S3 and then copies your database and files shares to his cloud? The employee does not want to steal the hard drive (he/she can get 1TB at Best Buy for $99), he or she wants the data on the hard drive. Cloud computing does not mitigate that risk.
Posted by: http://khurt.com/blog/
|
July 6, 2009 8:56 AM
Check down Sandy Berger's pants for that missing hard drive.
http://www.realclearpolitics.com/articles/2007/01/sandy_berger_what_did_he_take.html
"Cloud people" are snake oil salesmen.
I hate articles like this -- it's like the marketing department went outta control...
@1 - they've been working on it for years but DIDN'T HAVE BACKUPS??
If so, they should all be fired. That's idiotic. And there's not assuming that replication will be required OF COURSE it will be. Mother of god, how dense are these people? It's complex, but it's nar a hard problem to setup replication and make sure that data is backed up in multiple places. If you're in charge of sensitive or important data and you can't put this in place as matter of routine you're incompetent.
And the rest of you - read the post before commenting. You sound like idiots. The issue isn't that the data is missing it's that the ONLY COPY of the data is gone. No, a cloud architecture won't prevent data from being stolen, but no one will walk off the with only copy of your data by stealing one drive.
Oh and again - how the HELL do thousands of storage devices go missing? Again, these people should all be fired and replaced with people who know what they're doing. Losing that much gear is inexcusable.
While I am obviously a big fan of the cloud (see http://bloomapps.com), I'm not sure it's true that moving data off-site is inherently safer than on-site. There is a valid and real security and technical concern for relinquishing your company's data and handing it to a third-party vendor or partner. There is also legal liability to consider. The National Archives may have certain legal requirements in regard to data security that are not (or cannot be) met by, say, Amazon. (In other words, with a CDN or cloud storage system, they have a one-size fits all customers model that might make it difficult for a company to check off its internal requirements.)
An employee might not be able to walk off with a hard drive in their hands, but centralizing valuable data (not centralized in terms of where the data presides, as the cloud is inherently decentralized, but centralized in terms of a provider) might make certain providers more prone to attacks or theft. The employee of Amazon, for example, could steal data just as "easily" (I use "easily" lightly, as these things are rare but do happen).
The good news is that because of the "old world" problem of someone within an organization stealing something, we know exactly who to blame: the employee, and the company for not taking smarter security precautions. In the case of the cloud though, things get murkier. Once your data is "out there," can you really be sure that vendor is doing the things they should be doing to keep it safe?
A little bit of light rambling and devil's advocate on a Monday after the 4th of July. Hope everyone had a great weekend!
"they've been working on it for years but DIDN'T HAVE BACKUPS??"
In face, the drive that was missing was a working copy. No data was lost; just the drive.
I have yet to run across one business owner who was the least bit comfortable about the "cloud" when it was explained to them what it was. Even the ones that were rather exited about it were not too interested when they found out thier data was somewhere else under someone elses control. How can anyone be comfortable without the ability to audit or control that? So I wonder just how smart an idea it is to put nationaly sensitive data out there?
And how are entire servers walking out the door in the first place?
What's so holy about the vague term "cloud"? The NARA is unto its users as capable of being a "cloud" as is any other "cloud" provider. Shifting off the responsibility of data security to another vendor solves no problem. SOMEONE must maintain a backup. SOMEONE must secure the data against unauthorized access. SOMEONE must provide data integrity. Keep It Simple, Stoopid. Let NARA reduce bandwidth by taking (keeping) the responsibility of their own data.
@8. To the best of my knowledge, NARA has backups for their current data. The project I mentioned is a research project to test new preservation strategies before they are implemented in production.
@10. Thanks for the clarification.
Cloud resolve any actual security issues, and not just to create more load. Cloud is not more or less than the collection of the data center. The difference is that their data center, belonging to someone else, so you have no real control over.
Thanks for that..
"they've been working on it for years but DIDN'T HAVE BACKUPS??"
In face, the drive that was missing was a working copy. No data was lost; just the drive.
Thank you for your sharing.!