Michael Thomas mike at
Sun Jan 22 06:16:01 UTC 2012

On 01/21/2012 12:19 PM, George Bonser wrote:
>> Sure, but balance that with podunk.usa's possibly incompetent IT staff?
>> It costs a lot of money to run a state of the art shop, but only
>> incrementally more as you add more and more instances of essentially
>> identical shops. I guess I have more trust that Google is going to get
>> the redundancy, etc right than your average IT operation.
>> Now whether you should *trust* Google with all of that information from
>> a security standpoint is another kettle of fish.
>> Mike
> I agree, Mike.  Problem is that the communications infrastructure that enables these sorts of options is generally so reliable people don't think about what will happen if something happens between them and their data that takes out their access to those services.  Imagine a situation where several municipal governments in, say, Santa Cruz County, California are using such services and there is a repeat of the Loma Prieta quake.  Their data survives in Santa Clara county, their city offices survive but there is considerable damage to infrastructure and structures in their jurisdiction.  But the communications is cut off between them and their data and time to repair is unknown.  The city is now without email service.  Employees in one department can't communicate with other departments.  Access to their files is gone.  They can't get the maps that show where those gas lines are.  The local file server that had all that information was retired after the documents were transferred to "the cloud" and the same happened to the local mail server.  At this point they are "flying blind" or relying on people's memories or maybe a scattering of documents people had printed out or saved local copies of.  It's going to be a mess.
> The point is that "the cloud" seems like a great option but it relies on being able to reach that "cloud".  Your data may be safe and sound and your office may have survived without much wear, but if something happens in between, you might be sunk.  And out in "Podunk", there aren't often multiple paths.  You are stuck with what you get.
> Or your cloud provider might announce they are going out of that business next week.

The problem is that the local infrastructure might just as easily get taken out too.
Here in SF, I'm sure that the entirety of the data center capabilities aren't, say,
housed in city hall itself, so we're just as vulnerable to partition whether they run
their own infrastructure as we would be if we hosted in the "cloud" too. The larger
issue here is diversity and resilience. The internet is guaranteed to fail us at the
worst possible time, full stop. We need to make certain that we keep at least _some_
terribly inefficient and thoroughly antiquated means of doing the same thing viable
for critical tasks. When I was at Cisco, there was a push to getting emergency responders
to coordinate their communication infrastructure both for cross coordination as well
as of course cost down. Makes perfect sense... so long as the unthinkable doesn't
happen (ie the internet failing us). That's why our new IP monoculture sort of gives
me the creeps.


More information about the NANOG mailing list