Confidentiality, integrity, and availability are the traditional needs that need to be balanced in security according to business need. But Ben Tomhave argues that with the advent of the cloud, availability is often assumed to be at near 100% all the time, and has subsequently moved to a purely operation consideration. It’s an interested dissection of this infosec staple.
Before Google could even take to the stage to announce their new “Google Storage for Developers” cloud storage offering in their I/O conference keynote, Amazon hit back with a new low-cost “Reduced Redundancy Storage” option for S3. The titans are at war, and cloud storage is the new battle ground. But what was really announced? And should you care?
Customers only hear what is useful to them. There, I’ve said it out loud and now I’ll just wait for my lapidation to begin.
Availability figures lull people into a false sense of security as actually no-one knows what they mean!
Outages happen; big horrible nasty outages happen. In a career which now spans over twenty years, I’ve been involved with probably half a dozen; from PDUs catching fire due to overload to failed air-conditioning to wrong application of the EPO*. I have been involved in numerous tests; failing over services and whole data-centres on a regular basis and for most of these tests, the end-user would not have been aware anything was happening.