If there is a scriptwriter in the sky, it must have been an acute sense of irony that led to the plot twists in cloud computing we’ve seen in the past month. Amazon Elastic Compute Cloud (EC2) and Elastic Block Storage went down following a routine upgrade on April 21 2011 and didn’t fully recover for an incredible four days, hobbling sites that included Reddit, Quora, Hootsuite and Foursquare. NoSQL took on a whole new reality. When we laughed, claiming a direct hit from a newly self-aware Skynet, we were told that cloud computing was never intended to be more resilient, or that the customers that were hit hadn’t subscribed to Amazon’s more expensive resilient flavor of Cloud services. We were ‘just waving an ignorance flag’ by thinking that Cloud services had, in the past, oversold themselves on being ‘highly redundant’.
What shook the market was the time that the service took to recover. Evidently, a misdirected software upgrade shifted large amounts of traffic onto systems not configured to handle the load. This triggered further outages before the problem was resolved three to four days later. We don’t know yet whether this was an extraordinarily rare vulnerability, or whether the cloud infrastructure is fundamentally flawed.
As if that wasn’t enough, we also had Sony’s security breach to their PS Cloud which sent a frisson of anxiety through the ranks of CIOs. Sony shut down two of its cloud services, the PlayStation Network for games and Qriocity for music and video, on April 19 after 77 million PlayStation accounts were discovered to have been compromised between April 17 and 19. Whilst investigating this breach, Sony discovered that 24.6 million more PC games customers had previously had their payment details stolen from Sony’s servers.
The general public has been mesmerized by the media into believing that cloud computing is a radical paradigm-shift that has made traditional IT concerns irrelevant. The media has now led the naysayers. Wiser counsels in the IT industry will learn from these mistakes. They’ll cheerfully use the cloud for fluffy social-networking stuff, and exploit the advantages of the cloud where it is prudent, by building resilient hybrid systems that keep the four nines and financial stuff securely in-house. With current security, audit and resilience issues, it would seem reckless to rely solely on the cloud for ‘serious’ business applications. Soon? Who knows.