[lug] NoVAD: Protecting Cloud Data

Rob Nagler nagler at bivio.biz
Mon Jul 14 13:16:33 MDT 2014


On Mon, Jul 14, 2014 at 10:45 AM, David L. Anselmi <anselmi at anselmi.us> wrote:
> You won't use Nuclear Level Safeguards(tm) on your
> family photos and it would be silly to run a nuclear reactor with automation
> provided by Amazon's infrastructure.

NoVAD is about providing appropriate safeguards, that is, protections
we have on our desktop and for our photo collection.  In regards to
photos in the cloud, Google delete, for example, moves photos to the
trash, and only permanently deletes them after 60 days. That's way
more than is necessary for NoVAD VDelete, which could be as short as
24 hours.  Right now, if you delete a virtual machine, file volume,
etc., you can't recover at all.  It's gone, instantly.

> So there's probably a market for NoVAD features.  But it isn't universal.

I don't agree.  We have "undo" for individual photo accounts, but no
undo for a whole company. The assumption here is that ordinary users
make mistakes often and expert users (programmers, admins, etc.) do
not make mistakes.  The key is that when I make a mistake with my
photos, it's no great loss, and it directly affects me.  When I make a
mistake on the systems my company runs (and I've made a few :-), it
affects thousands and sometimes tens of thousands of users.

The nice thing about cloud features is that they are easily
replicable, unlike physical safeguards for a nuclear reactor.  A cloud
provider can offer NoVAD's suggested features for a fee, just like
they charge for backups and archives. The problem is that end-users
are not putting enough pressure on SaaS companies who in turn have to
put pressure on their cloud providers.

While there are no nuclear facilities run in the cloud, there are many
medical record companies and important physical devices (e.g. fire
alarms and thermostats) run in the cloud.  Imagine if somebody hacked
Nest's or Honeywell's infrastructure in the middle of the winter and
sent a signal to all thermostats to turn themselves off.  What would
be the effect on the burst pipes?  If there's a chance you could stop
such an attack in progress with a VSCRAM code, you would save millions
of dollars in damages and severe heartache (damaged pictures,
paintings, etc.).  Right now, I doubt there's anybody at Nest who
would know how to shut down all operations, instantly.

> that they originally conflated nuclear power with nuclear weapons but
> nuclear power isn't so bad.  But the damage is done--they caused a lot of
> money to be wasted.

There's an excellent book on this subject by a physicist from the
University of Cambridge: http://www.withouthotair.com/

> The problem after a scram is decay heat, which continues to be produced and
> must be removed.  When Fukushima's emergency power was flooded they lost the

Thank you for the education.  Something I didn't know much about.

Rob

