False security

I went to Amazon Summit 2012 in Berlin for exact one week ago, after many sessions and a stressed day, early morning flight and late night flight. I enjoyed it a lot and felt for a short moment that what I was doing is so far away from all cool stuffs, but I realised later that I must give it time to mature. Most importantly, I am doing the right thing.

This blog is about "false security" by having a real infrastructure. People always argue about "If I have my physical server, storage and network. I will know where my data is. I feel secure about it." I disagree. Here are some reasons:

• Do you really know your backup and restore works?
• What happend in the disaster situation?
• What is standard of your data centre? PCI DSS? SAS 70? 
• How great is your off-shelf compute? Any vendor locked in? 
• If you want to expand and do it fast, can you really do it? 
• Is your RIO, TCO and operational cost optimal?
• Can you do "Chaos Monkey"?
• How secure is your data? Are they encrypted? 

If we argue about those, we usually find out that "shit, we aren't that safe/secure!" It could be you've a restaurant's kitch under your server room or your mysql dump is 22GB and it takes about 5 hour to restore or your Cisco router can only handle 100mb/s. You will find yourself under all kind of risks.

Well, I am not advertising for amazon or any other cloud vender, but you must think about those if you choose to use cloud, specially on the first three items. You should have thought about those if you have your own infrastructure as well. For unknown reason we just keep ignoring them and self-deception.

When "False security" hits, it hits hard! Don't fool yourself please!