Thursday, 1 March 2012

Leap year day bug

Microsoft has confirmed that a service outage that affected its cloud computing service Microsoft Azure, appears to be caused by a leap year bug.


Who could have possibly predicted that there would be an extra day this year? And in four years time.  And four years after that, and so on ... but not in 2100, or 2200, or any other year divisible by 100, unless it's divisible by 400? Although it's entirely possible that they might change the rules at any time.

Seriously, though. Anyone who relies on the cloud for storing important data, maybe hasn't thought about the risks. A cock-up by the person running that part of the cloud is only one of the risks. There's also the possibility of your internet connection going down for any of a dozen reasons. But I would say that the biggest risk is likely to be legal.

A lot of your data is confidential, either because you want it to be, or because there's a legal requirement that it be confidential. If you store it on someone else's server, then there's a whole lot more people who could access it without your permission. There's the people running that part of the cloud, for example, and there's third parties - hackers - because you have no control (and probably no knowledge) about how good their security is. And whether the people who work for the cloud company can be bribed, or fooled into giving access to your data to a third party.

And there's an even bigger threat. Suppose you're based in the UK, and you're complying fully with UK law, as obviously you must. But different countries have different laws. Some things that are entirely legal here, might be illegal in Iran, or Qatar, or the USA. And if your data is on a server that is physically located in another country, you could suddenly find that your server has been confiscated, or impounded, or whatever they do in foreign countries, using the legal means that are available over there. And you no longer have access to your data. And maybe some foreign government does have access.

So, if anything calls for a thorough risk assessment before jumping into it - storing important data on the cloud is a clear candidate.

No comments:

Post a Comment