The Risk of a Meltdown In the Cloud

zrbyte writes "A growing number of complexity theorists are beginning to recognize some potential problems with cloud computing. The growing consensus is that bizarre and unpredictable behavior often emerges in systems made up of 'networks of networks,' such as a business using the computational resources of a cloud provider. Bryan Ford at Yale University in New Haven says the full risks of the migration to the cloud have yet to be properly explored. He points out that complex systems can fail in many unexpected ways, and he outlines various simple scenarios in which a cloud could come unstuck."

Why not stick to real risks?

[msobkow]

I don't understand the intent of the article other than to provide a knee-jerk chicken-little response to cloud processing and storage.

Not one of the items mentioned is unique to the cloud. It can happen to any data center with more than two nodes involved in a cluster.

But that's not surprising, because "the cloud" is just a distributed collection of cluster servers, the same as large multi-nationals have been running pretty much since their customer loads exceeded the ability of one server to span the global community.

Re:It has to happen

[Anonymous Coward]

Well, lots of people lose data or access to data "in the cloud" (i.e. "on the mainframe", to use '60s IBM parlance) all the time. Catastrophic losses happened in the '60s, happened for that short period of enlightenment when we thought we should have control of our own data, and will also happen as we revert to the past. The usual questions apply:

- What are the motivations of your service provider? I.e. how much do /they/ care if your data is lost. This will determine how hard they try not to lose it. Recall that a businesses future depends on the interests of its owners and executives - there is no maxim requiring that the business last as long as possible, especially not in the field it is currently in;

- Who else can bother you? I.e. who wants to access your data and who of those people has the resources to pay government or crackers?

Cloud services should complement, not replace

[sandytaru]

I think the safest bet is to have local copies in addition to copies in the cloud, even if all the processing and computing is actually done in the cloud. Companies should set stuff up to keep a local copy of critical services on a good old fashioned tape drive or backup server. This is sort of a reverse of the cloud based backup solutions, where local processing and databases took place on local servers, but had backups in the cloud in case of a local disaster. Same idea: Have a local backup in case of the meltdown of the cloud. You may find your primary app is temporarily useless, but you at least have all your critical data (hopefully in a format that can be transferred.)

Cloud Computing == Banking

[ZombieBraintrust]

I think the best metaphor for cloud computing is banking. There are risks for doing it yourself and risks in trusting a bank. If you hold your money in a safe then you may be robbed by a family member, employee, or petty theif. If you keep your money in the bank you may be robbed by the goverment, bankers, or by proffesional bank robbers. This same dynamic is true of storing data. The big difference between cloud computing and banking is regulation. Federally insured banks are heavilly regulated. There are laws about home much money they can lend, who they can hire, and what rates they can charge.

Re:Why not stick to real risks?

[NatasRevol]

Doubtful.

More likely, bean counters don't listen to the IT people who say offline backups are important. Beancounters just hear extra expense, think everything in the cloud is secure, and deny redundancy/backups.

Re:Oscillator

[dkf]

The general point is that it's possible to get bad emergent behavior which is unexpected. This shouldn't be surprising to anyone (but it is, alas). We see it over and over in complex systems, and it's got pretty much nothing to do with what you implement the complex system with.

What to do about it? Well, the only real fix is to stop the drive for efficiency at all costs. All those little inefficiencies that hit your bottom line, they also mean that when things go wrong you can weather the storm more easily. And yes, that resilience means things are going to cost more. How much more? Well, depends how much risk you want to take out of the system and how much you're willing to pay. Your call. (A local backup removes a lot of risk from things like cloud providers going belly up unexpectedly, but it does mean you're stuck with actually having to pay real money to do the backup and make sure it is working.)

Re:It has to happen

[Anonymous Coward]

If someone loses "all" their data in the cloud, their problem has nothing to do with the cloud. If you lose all your data, it's because you kept all your data in one place, with no backups in a different place, and all fault lands on you, not the cloud, not your cloud provider, and not on any given piece of technology. There have already been large failures, and some companies have already lost massive amounts of data, but it doesn't change anything, because these problems have nothing to do with whether you host your own servers or rent them from somebody else, which is really all "the cloud" boils down to.

Also, inherently not trusting virtualization as a concept in 2012 is is moronic and baseless. It's a technology, just like any other. It can be implemented well or it can be implemented poorly, but as a concept it is not novel or revolutionary to any degree that it should engender trust or distrust, at least not any more than the hardware underneath it.

Re:Cloud services should complement, not replace

[__aajwxe560]

As a SaaS Operations Manager, I believe you are spot on. While I have no major issue with sending data up to the magical "cloud" in many cases, shame on me if I am not taking some responsibility on my own for backups, etc. Even if a cloud provider provides an SLA and claims full backups, should that fall apart, its still going to be my butt in the sling for recovery.

Their are of course numerous technical solutions to the problem, including cross-site replication, etc. The challenge is the more timely/accurate the replication, usually the higher the cost (bandwdith/limit latency expenses). When the finance folks start to see these numbers, or the customer, suddenly it becomes less "urgent" to them. The trade-off is often times a subtle expectation of HA due to potential direct impact on company profitability, but nobody wants to actually pay for it. I am aware of way to-many orgs that cut corners in this area and simply lie to the customer.

Hence, to your point, hedge your bets and do the best you can with regular backups

Re:It has to happen

[jedidiah]

If the cloud is not more robust than what your grandma could come up with on her own then what's the point really?

Isn't the whole point of "the cloud" the fact that you aren't managing this stuff yourself? You don't have the burden? You don't need the expertise?

If you push it back on the cloud consumer then a lot of it is really quite pointless.

Re:Why not stick to real risks?

[Dan667]

"the cloud" is just dumb terminals all over again. After businesses make a bunch of money on the cloud they will then start selling local solutions again to try and mitigate problems with being on the cloud.

Re:It has to happen

[lightknight]

"If the cloud is not more robust than what your grandma could come up with on her own then what's the point really?"

Money.

Re:Why not stick to real risks?

[lightknight]

Indeed. I can't believe that after we had finished ditching mainframes as a technological way of life, the pointy-heads want to go back to it. Like we missed something the last time we were there...

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:It has to happen

[jriding]

Just a thought. Forget actual failure. What happens when they have IP data or licensed data that is being hosted by a cloud provider, or company to company lawsuit. Court case starts. Could or would they they seize all computers / servers that could house the data? What would happen to the other peoples data that resides on the same physical hardware?

Re:It has to happen

[DarkOx]

If the cloud is not more robust than what your grandma could come up with on her own then what's the point really?

That is exactly it. The cloud is more robust than what grandma could come up with or what I have time to manage for her. Grandma has some family photo's, a cookie recipe or two, and *maybe* some financial statements etc. Some of it might be tragic to loose but its a loss we can live with.

The F1000 I work at on the other hand certainly can build something more robust at least as relates to their specific needs; if they simply put up the dollars. Certain parties are trying bill the cloud as way to save money without sacrificing reliability. Perhaps it does offer good security against traditional risks of hardware failure, run away support costs, etc; but it brings new risks to the table as well. The truth is as an industry we know less about identifying, controlling and mitigating those risks than we do about in house solutions. That is a point that is being missed by lots of decision makers.

Re:Oscillator

[IcyHando'Death]

Pardon me mods, but +4 informative? This is a terrible summary from someone who doesn't seem to have understood what he's read. The novel "cloudy-thing" aspect of the article's argument is the very part the parent misses when he dismisses this as "nothing new".

The cloud is an abstraction that intentionally hides detail. Cloud providers do that to make the service being offered simple to package, sell and use. They also do what they can to keep the tricks of their trade secret from competetors. But their infrastructure is actually very complex relative to what the average small to medium client would need for themselves. This is important in three ways:

1. 1) Your own engineers can't take all aspects of a deployment into account when making decisions.
2. 2) As a moderately sized company, using the cloud will expose you to the risks of emergent behaviour that would simply not be an issue on the smaller scale you would operate on if you ran your own infrastructure.
3. 3) Your system may be humming along smoothly one moment, then start thrashing disasterously the next in the absence of any action on your part and for no apparent reason, simply because your cloud provider has tweaked some seemingly innocuous parameter (even after extensive testing)

This is an important and novel issue and worthy of some real consideration.

Re:It has to happen

[postbigbang]

Yes, a lot of people lose data on mainframes and the problem was generally behind the console. Online production systems and job-based systems need to be designed with practicality and component failure in mind.

The cloud is a system, and the system needs redundancy, checks and reality checks, and quality ins-and-outs. That's right, just like what you've been doing all along. Same security, same backups, same contingencies-- as there are no shortcuts, just cheaper hardware.

I have to dismiss the cited article as it's entirely ephemeral, with not one single citation to back it up. Financial markets, while important, are a somewhat unique context to cite; they're built differently than many cloud components. There is nothing tangible cited, no case history, just some Yale-y's bad, after-lunch tummy growling coinciding with thinking about the complexity of modern infrastructure.

This whackamole approach serves no purpose, except to sell more inside, rather than outside, infrastructure.