Security Manager's Journal: Why the shutdown is like the cloud
- 07 October, 2013 13:14
As I set out to write my column this month, I popped over to the NIST website to check some facts. The National Institute of Standards and Technology publishes security standards and guidelines for the U.S. government in its "800 series," and they are generally useful in the private sector as well. I visit the NIST website occasionally to check the facts on topics ranging from encryption algorithm lifespans to risk assessment methodology. But this week, the NIST website has been taken down due to the U.S. government shutdown.
The NIST website is displaying a maintenance page saying, "Due to a lapse in government funding, the National Institute of Standards and Technology (NIST) is closed and most NIST and affiliated web sites are unavailable until further notice. We sincerely regret the inconvenience." I hope they do, because a lot of professionals rely on information provided by government agencies.
This is a somewhat jarring experience. I hadn't realized the government affected my daily life in any meaningful way, but now that the documents I'm looking for are not available to me, I'm starting to wonder what preparations I should have made to account for this situation. In fact, I'm thinking like a business continuity planner.
Business continuity is all about maintaining or resuming normal operations after a primary process is interrupted or has failed. If I were thinking about this a week ago, I might have considered ways to get the information I need even if the NIST website was unavailable. I can't find any mirrors, but maybe I could have created my own by downloading all the documents to my own hard drive. But now that the only information channel I've been relying on has been interrupted, it's too late. Business continuity planners are supposed to think ahead, to predict what might happen and come up with appropriate countermeasures. I'm not one, but I can see how that reasoning applies to my situation.
My natural response to this is that I should go ahead and download the NIST publications whenever the website comes back up. And that's really a commentary on cloud services in general.
I rely on the cloud daily. If I apply the term loosely, then my reliance extends to all of the websites I use to look up information and perform tasks involving data. The biggest problem with that extensive reliance, of course, is that when sites are unavailable, I don't have access to the information and services I need. Cloud services in general have been plagued by availability problems (as well as data loss and other significant issues). This has implications for all organizations. The convenience and scalability of the cloud is somewhat offset by the risk of your service going dark.
What's the alternative? Your data is either in the cloud -- as with Apple's iCloud, the various DropBox-like services, and even video streaming services like Netflix -- or it's on your own storage. If I don't want to rely on the cloud, I'll have to buy more hard drives and keep copies of the data I need. In today's interconnected world, that's not as easy as it once was. I would have to deal with keeping my data in sync with the cloud. And of course, I would be managing a potentially huge amount of data instead of relying on services to do that. And what about Wikipedia or IMDB? They hold way too much data to mirror.
Hopefully, I'll be able to follow through next month with the column I was originally planning to write this month, before the NIST website was shut down. With any luck, the government will be working again by then.
This week's journal is written by a real security manager, "J.F. Rice," whose name and employer have been disguised for obvious reasons. Contact him at email@example.com.
To join in the discussions about security, go to blogs.computerworld.com/security.
Read more about security in Computerworld's Security Topic Center.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
Updated: Bill Morrow new head of NBN Co
Cloud debate now about speed and sophistication
Cloud debate now about speed and sophistication
Yahoo Mail still down for some users, after an attempted fix
Queensland government to provide 200 services online by 2015
Best Practice in BYOD
The key trend affecting enterprise mobility today can be summarized in four letters: BYOD – Bring Your Own Device. As the number of end-users bringing devices into your organization grows, so does the need for an effective Enterprise Mobility Management (EMM) solution. Learn how to manage devices across multiple platforms all from a single, centralised and unified management console. Download for more!
Eight Simple Steps to Boost Campaign Results Using Predictive Modelling
Marketers today are consumed by big data, struggling to find meaning and under pressure to use that meaningful data in smart ways to boost results. But many organizations are reluctant to try and use predictive modelling in their campaigns, due to unfamiliarity and the dependence on complex tools – yet with modern, marketing-friendly modelling tools, integrated with campaign management, it is easier than you think. This whitepaper demonstrates how predictive modelling plays a critical role in streamlining the selection process.
Meeting Business Data Protection
When it comes to data back-up and recovery, the rules have changed. Virtualization has enabled IT organisations to become more efficient, but also more complex. This whitepaper addresses these new realities, and provides a comprehensive solution for virtual and physical environments, backup of applications and data, disaster recovery and replication of complete systems or applications, and for ensuring high availability of mission-critical services.