Home / Articles / The 9/11 Of The Cloud – How Safe Are We?

The 9/11 Of The Cloud – How Safe Are We?

I was late for a very important meeting regarding a merger on September 11, 2001. I remember feeling disbelief watching the events unfold live on my TV that morning as if I were still asleep, stuck inside a horrible dream. Paralyzed, I kept watching as the second plane hit the World Trade Center building. Driving to my meeting felt surreal, weighed down by silence as my mind was trying to piece together what it just saw. As I entered the office, my partner was shocked that I was late, unaware of the events that were still unfolding. Yes, that day was a great tragedy, one that directly affected the lives some good friends of mine. For some, it was a wake up call that our world was no longer safe. It exposed flaws in the rescue efforts that caused the loss of many more lives that day.

“Cloud” is an overused buzzword that is supposed to be the secret sauce of making your team more efficient and cutting capital expenditures (CAPEX). Companies are moving their data & their infrastructure to Cloud providers in order to take advantages of these benefits. Whether big or small, all providers claim a secure place to host your most valuable asset, your data.

At the time, 1 World Trade Center and 2 World Trade Center were the tallest buildings in the world. Using some clever design concepts, “sky lobbies” were used which increased the rentable space each floor from 62 to 75 percent. A tube-frame design was used to allow more open floor pans. Forty-Seven steel columns ran from the bedrock to the top of the tower giving the structure strength and stability.

The infrastructure of the Microsoft Cloud offering for example is distributed worldwide with special cooling controls, vast banks of batteries, emergency generators as well as physical security & monitoring. I haven’t met a client yet who has a server room with all these features, along with an armed security guard watching over the systems 24/7/365. You can find a brief video here.

What made the Twin Towers an attractive target? I’m sure being the tallest buildings in the world had an influence in the choice.

One must wonder, will there ever be a digital event as dramatic as 9/11 in terms of bursting the bubble of perceived safety? We are not talking about precious lives being lost, but rather the knowledge that we are vulnerable.

As we look at the major data breaches to hit us, most notably in the press are the Ashley Madison Hack, Sony Pictures Hacking, the Fappening, Target & Home Depot among a long list (great interactive graphic here), we can’t help realize that our data isn’t safe. The bigger the corporation is, the bigger the target. The Ashley Madison hack is directly affecting people’s lives, as suicides are possibly linked to the embarrassment of being exposed as one who carries on extramarital activities.

What will it take to burst the bubble? I don’t know. If I could predict the future, I would have invested in a small garage startup called Apple. The trends show that the hacks are more brazen then ever, more damaging then ever and we also know that many hacks are never reported for fear of tarnishing a business reputation.

What can you do with this knowledge? I personally use Office365 for my Exchange server, Freshbooks and Xero cloud accounting software, online banking, Dropbox and online backup services. Then again…I don’t have proprietary information worth millions of dollars floating around in those cloud servers.

The trend to move everything to the cloud is slowly reversing with a hybrid approach of on premise servers and certain chosen applications or services being served from the cloud.

One the biggest issues of 9/11 was communication between different departments of the various rescue teams. Delayed evacuation also played a part in the tragic deaths of many trapped inside a burning inferno of a building that was about to collapse.

When choosing a cloud vendor, how is their communication? Will they take quick action to alert you of a potential breach so you may take actions to mitigate the risk? Can you easily retrieve your information if you need to “evacuate”? Is your data encrypted in transit and at rest? Do you have control over user data that might escape from your protected wall, allowing you to remote delete?

Sometimes clients say they want all their business moved to the cloud. “Why?”, you might ask. They don’t know why…they just heard it was a good idea.

As trusted advisors, it’s our responsibility to evaluate their business needs, which includes mitigating risk. There are some solid business cases for a cloud-centric business, while for others; a hybrid approach might be more appropriate. What’s important is to discuss the risks and rewards with your clients. If ever a cloud breach happens with a company you referred, how would that affect your reputation? If you hid the risks…you might find yourself as an untrusted advisor! How much better it would be if you warned the clients of the risks and had an “escape” route in place in case of disaster? Both you and your client will sleep better at night knowing that you have an action plan in place should your cloud provider become a target of an attack.

As more and more clients look to the Cloud, choose your Cloud partners wisely, evaluate your client needs, and keep your feet on the ground when reaching for the sky.

Randal Wark