[Outages-discussion] Unpleasant discovery

jhess at huntbrothers.com jhess at huntbrothers.com
Sat Oct 27 18:57:10 EDT 2012


On Saturday 27/10/2012 at 2:43 pm, George Herbert  wrote:
>
> Cloud servers, cloud source code management, NOC and make-changes-here 
> servers for DNS provider all within a few miles of the Hurricane's 
> landfall path.
> The Cloud is not necessarily geographically separated and 
> safe.

Best practice from a security standpoint would be to have 
geographically dispersed DNS servers, backups, and disaster recovery 
plans, and to have formal validation and audit procedures implemented 
to ensure that the plans accomplish the objective, and that they are 
implemented correctly.


High availability is expensive. Unless you have proof of your DNS 
provider's insurance or solvency, and a written agreement signed by 
both you and your DNS hosting provider to the contrary, which 
explains what minimum levels of assurance; design and security 
controls are in place to ensure High Availability, and assigns 
liability to the service provider, for refunds for service during any 
period in which there wasn't geographic separation or other promised 
controls, and for any damages caused by negligence of the provider 
failing to implement the promised controls...

Then [in the absence of that], the only safe assumption then is: 
that there are no rigorous controls, and all the provider's servers 
should be assumed to be in the same room, with numerous shared single 
points of failure. If there is not a security practice in place to 
validate that continuity will be preserved in case of a disaster 
-- don't expect it to work in case of disaster by mistake, 
because the inexpensive route in that case is to just accept failure, 
and recover from it; in some cases, failure might occur anyways.

Again, the inexpensive route -- not much extensive design in the 
system, to accept failure, and provide quick repair options, so 
failure might take a long time to remediate (e.g. manual restore 
from the slow tapes).

Even if the DNS servers are geographically dispersed today, they 
might not be tomorrow, if you don't have a piece of paper that says 
the provider is on the hook, when they are not.

>
> George William Herbert
> Sent from my iPhone
--
-JH