Disclaimer: All videos presented in the “YouTube IT Video of the Week” series are subjectively selected by ITKnowledgeExchange.com community managers and staff for entertainment purposes only. They are not sponsored or influenced by outside sources.

Green technology image via Shutterstock

Data centers are inefficient, unrepentant energy-sappers, and our obsession with cat videos is to blame.

That’s one way to read James Glanz’s recent New York Times article, “Power, Pollution and the Internet,” the first in the paper’s new series, “The Cloud Factories.” The piece, based partly on a year-long McKinsey & Company study on the environmental impact of a “secretive” industry without much regulation, includes plenty of startling statistics (30 billion watts of electricity!) and provocative quotes (“If we were a manufacturing industry, we’d be out of business straightaway,” says one unnamed exec).

According to the article, these offenses to efficiency are mostly driven by fear — fear of downtime, fear of failing to meet user demands, and by extension, fear of job loss.  As data processing requirements continue to mount, says the Uptime Insitute’s Bruce Taylor,  ”no one, absolutely no one, wants to go in that room and unplug a server.” Of course, it could all be solved by the cloud — maybe.

The story has predictably inspired a flurry of reactions over the past day or so, with some supporting its basic premise, but many faulting it for misleading or incomplete reporting. Here are a few choice quotes:

Forbes contributor Dan Woods thinks that the article simply doesn’t define its scope well enough. There needs to be a distinction made between Internet companies, which have made strides in energy efficiency, and traditional, risk-averse IT departments:

The bottom line is that the Internet companies are dying to save power. Their data centers are in effect the clouds that are referred to as a potential solution. Their data centers will be the first to have new, higher levels of utilization because it makes sense and saves money.

Rich Miller, of Data Center Knowledge, agrees that the article failed to tell the positive side of the data center energy story:

The last five years have seen dramatic changes in the way the largest data centers are designed and operated, as companies like Google, Yahoo, Facebook and Microsoft have vastly improved the energy efficiency of their server farms by overhauling their power distribution systems, using fresh air instead of power-hungry chillers (“free cooling”) to cool their servers, and running their facilities at warmer temperatures.

Diego Doval (former CTO of Ning) worries about how the general public will respond (he breaks down all the incorrect assertions in a mammoth 5,000-word post):

There is one thing that the article covers that is absolutely true: data centers consume a hell of a lot of power. Sadly, the rest is a mix of half-guesses, contradictions, and flat-out incorrect information that creates all the wrong impressions, misinforms, and misrepresents the efforts and challenges that the people running these systems face everyday.

On The Verge, Tim Carmody suggests the article doesn’t give enough credit to the genuine importance of the Internet in modern life. Uptime is essential not because users want to watch videos or play fantasy football, but

It’s because that infrastructure powers our businesses, our schools, our police and fire stations, our banks and stock exchanges, and yes, our media. It’s because those zippy data transfers help drive our economy, in the same way that the boom in turnpikes, canals, and railroads did 200 years ago.

On Slate’s future tense blog, Will Oremus acknowledges the criticisms, but praises the piece for drawing attention to an important issue:

“[T]he cloud” is not some magical ether, but rather a network of big, power-hungry, polluting, and often wasteful physical data warehouses that store a lot of stuff we need but also tons of stuff we don’t need. That may be obvious to those in the tech industry, but for much of the general public—a majority of which apparently thinks cloud computing has something to do with the weather—it’s a point worth hammering home.

And then there are the Slashdot commenters.

What did you think of the article? Was it a fair assessment of the data center industry, or a simplistic view on a complex issue? Where do we go from here? Let’s hear your thoughts. (Be sure to check out further thoughts from Taylor and other tech and energy experts in the Times’ opinion section).

Much of the IT action was in San Francisco this week as VMworld 2012 was in full swing, but there’s a whole other world out there, and plenty of cloud and big data hype to fill it. Here are some of the week’s best quotes from around the industry.

 “Is this an honest maneuver? Do they want to drive OpenStack forward? Or is it a Trojan horse?”
- Piston Cloud Computing CEO Joshua McKenty, assessing VMware’s surprise move to join the open-source cloud service as a Gold Member this week. OpenStack has long been seen as a competitor to VMware, but some think the company has realized its less than ideal standing in the cloud market.

“I don’t even know what the ballpark number for a server is — for me, it would be like knowing what the price of a sword is.”
- Daniel Gross, co-founder of Cue, one of many companies using Amazon Web Services for its computing needs and apparently saving a lot of money in the process. The company got some major love for its cloud services from the New York Times this week, and recently introduced reserved instances to add to its established on-demand model.

“The reality is that people’s expectations of what is needed are rapidly maturing.”
- Outgoing VMware CEO Paul Maritz, talking about how the virtualization game has changed (and Microsoft is still behind) during VMworld 2012. See more of what he had to say about why his company is still the leader in this VMworld video – and read more meaty virtualization quotes from the show over at SearchVirtualDesktop.com.

“It’s like asking people in 1995 if they think that this newfangled ‘Internet’ thing is inflated or not.”
- Laura Teller, chief strategy officer for Opera Solutions, LLC, on whether the hype around big data is justified. Her take: That’s the wrong question to ask.

Schneier explained his fears to a packed room at RSA 2012, outlining how he saw individuals, companies and governments effectively outsourcing security to cloud providers, abdicating ultimate control in exchange for convenience and cost savings.

The result is a state of “security serfdom” where fealty is pledged to one of a few centralized data gatekeepers who promise and deliver great benefits – but upon whom the user becomes completely reliant for basic security. Apple’s legion of adoring gadget geeks and people who live the “Google lifestyle” through GMail, Google Voice and more now rely on those companies to make critical security decisions for them.

It’s not an all together negative trend, particularly since “average users” historically do the bare minimum of backup, encryption and other information security hygiene possible, but it does create a more monolithic landscape that is likely to get harder and harder to opt out of.

“There’s a war on general purpose computing, because companies realize they gave up too much control,” said Schneier.

Battle lines are drawn

He said these companies are now working hard to change that. Big data, in the form of companies like Google, Choicepoint and major ISPs, require almost unfettered access to user data in order to optimize, package and sell analytics and advertising, and so have building products that require that access from day zero.

Meanwhile, law enforcement agencies have been pushing through what Schneier categorized as “ill-conceived legislation” that would endanger the freedom and security of the Internet while doing little or nothing to prevent true threats.

The result is a fast-coming future where data and even device ownership is a grey area: Kindle Fires, iPhones and even many “open” Android devices all severely limit root access, which inevitably diminishes how secure they can be.

“If you pledge your allegiance to Google, they will protect you … as long as they protect you,” he said, explaining that while outsourcing to cloud providers takes away a lot of the traditional security headaches, it means leaving your security in the hands of a corporation whose security policies you cannot control – or sometimes even know.

But we like being oppressed!

[kml_flashembed movie="http://www.youtube.com/v/JvKIWjnEPNY" width="425" height="350" wmode="transparent" /]

There are benefits to this approach, not only for the “feudal lords” controlling the security ecosystem but also for the serfs.

“If you’re the general person, it’s probably better for you, because you’re doing a lousy job,” Schneier said. “Like with Flickr: Now you don’t have to backup your own photos.”

Even enterprises, which have traditionally held to stricter security standards, are finding the allure of serfdom hard to pass up.

“The economic benefits of outsourcing are really great,” Schneier said.

But the big picture impact is a little more mixed, particularly when it comes to the impact of the feudal model of security has on actual security.

“For attackers, it’s more or less the same that it’s ever been,” Schneier said.

Higher walls but bigger payoffs

With more companies and individuals outsourcing their security decisions and implementations to Facebook, Google, Amazon and Microsoft, these companies become increasingly valuable targets for attackers. The consolidation also fundamentally changes the landscape for attackers: It used to be enough to protect most people was to simply be more secure than the next target.

Just like a car thief will pass by a well-alarmed car with a Club on it in favor of a less defended vehicle, users who took basic precautions could generally defend themselves from most untargeted attacks. With monolithic security systems, however, one successful attack can compromise thousands of accounts.

Those payloads will only become more valuable over time.

“Some of these companies are going to become banks,” Schneier said, pointing to Google Wallet. “Full expect some of them to become everything.”

Consolidation, meet regulation

What really worries Schneier, he said, is what happens as these consolidated security lords face more and more regulation, which will almost inevitably negatively impact security.

For example, data retention laws.

“The best way to secure data is to delete it,” Schneier said. But around the world, countries are passing laws requiring data be kept for 30, 60, 90 days or more, making users more vulnerable to both government surveillance as well as unnecessarily vulnerable to unauthorized access from both internal and external attackers.

“I really worry at some point we will be forced to design and Internet kill switch,” he said. “And then I’d have to design it to make sure only the president could push it – I don’t trust myself to build that.”

There is hope, however: Schneier said that SOPA and PIPA were succesfully fought off with the help (and lobbyists) of Big Data companies like Google, and there’s a winning track record of fighting bad Internet legislation.

He said the Internet’s “lack of regulation” stood as a testament to that, but that vigilance was needed.

“Here is my challenge to you: Get involved at layers 8 and 9, the economic layer and the political layer,” Schneier said. “Common sense does not have a lobby.”

Michael Morisy is the editorial director for ITKnowledgeExchange. He can be followed on Twitter or you can reach him at Michael@ITKnowledgeExchange.com.

To add insult to injuries, The Register reports on the confusion many customers are experiencing regarding their service level agreements post-downtime. Though the EC2 SLA states that users can receive credits if the service’s annual uptime percentage falls below 99.95%, many are finding that they fall through the loopholes in the fine print. As The Register reports, “[T]his only applies to users who have spread their applications across multiple ‘availability zones’ – subsections of Amazon’s regional services designed not to fail at the same time.” In other words, if your data isn’t spread across the EC2 service, and thus more downtime-proof, you most likely won’t be receiving a credit anytime soon. For those companies that did read the fine print and planned for disaster from day one, there was significantly less damage.

Whether you’re a cloud supporter or an anti-cloudie, you probably have an opinion on Amazon’s EC2 fiasco this past week. Bloggers around IT Knowledge Exchange took this opportunity to calm frightened users and learn valuable lessons. Take a look:

• TechStop’s Joshua Wood gave a quick rundown of what the outage meant for users and why Amazon’s Cloud Outage isn’t that big of a deal.
• Tom Nolle of Uncommon Wisdom thinks that cloud views need to get realistic.
• Storage Channel Pipeline’s Eric Slack teaches a valuable lesson to those concerned about preparing for cloud outages: Add a second provider.
• Always the voice of reason and optimism amidst cloud doubt, Ron Miller of View From Above chides cloud haters who jumped at the Amazon EC2 fiasco.
• Editor Michael Morisy wondered, in the wake of Amazon, iPhone and Dropbox, is there a new normal?

Also see IT forum questions on Cloud Computing.

Melanie Yarbrough is the assistant community editor at ITKnowledgeExchange.com. Follow her on Twitter or send her an email at Melanie@ITKnowledgeExchange.com.

Amazon’s cloud empire floated a little higher yesterday with the announcement that the web giant is adding bulk messaging to its cloud services. From the announcement:

We’re excited to announce the beta release of Amazon Simple Email Service (Amazon SES), a highly scalable and cost-effective bulk and transactional email-sending service for businesses and developers. Amazon SES eliminates the complexity and expense of building an in-house email solution or licensing, installing, and operating a third-party email service. The service integrates with other AWS services, making it easy to send emails from applications being hosted on services such as Amazon EC2. With Amazon SES there is no long-term commitment, minimum spend or negotiation required – businesses can utilize a free usage tier, and after that, enjoy low fees for the number of emails sent plus data transfer.

The horizontal play isn’t particularly surprising. While e-mail is something Amazon has been supporting via EC2 instances, the results aren’t always pretty. The dynamic IPs, for example, often get Amazon-powered e-mail flagged as spam. A dedicated service will help push past these problems, particularly for businesses where e-mail is an important tool but not necessarily the prime competitive advantage, leaving one less thing for your average IT department to puzzle through.

Michael Morisy is the editorial director for ITKnowledgeExchange. He can be followed on Twitter or you can reach him at Michael@ITKnowledgeExchange.com.

Theft of information assets was reported by 27.3% of companies over the past 12 months, up from 18% in 2009. In contrast, reported incidences of theft of physical assets or stock declined slightly from 28% in 2009 to 27.2% in 2010, according to the survey [from the Kroll Annual Global Fraud Report].

So with all of these numbers scaring the enterprise into holding tighter to their users’ information than ever before, is it actually the cloud’s fault? There’s a booming “no” coming from vendors such as Amazon Web Services’ Steve Riley, Rackspace’s Bret Piatt, and founder of Mashery Oren Michels.

One of the theories on where cloud security propaganda comes from is IT execs who don’t want to part with their major IT budgets. “A big security breach that happened in the cloud doesn’t mean a security happened because of the cloud,” Michels clarified.

But just as Randy Bias says that the cloud isn’t a solo services deal, people want to know to what extent additional services are available to help in the deperimeterization of the operating system and the application that happens when moving to the cloud. In other words, how do you harden your application before deployment?

Steve Riley, Senior Technical Program Manager for Amazon Web Services, presented the alternative: If your extremely valuable data is stored in your single data center, the risk of loss is extremely high. Moving to an infrastructure that specializes in minimizing risks means that a single outage goes mostly unnoticed because there are other copies that can quickly be routed to. The key to data security is building to withstand failure and accepting guidance to create your application so that there are fewer risks.

Moving past the “we know what we’re doing” that many vendors tout in the face of questions about their security practices, Amazon Web Services outlined exactly how they ensure your data stays safe, from all angles.

How Does Amazon Web Services Protect Your Data?

• No physical access. No tours of the data centers, all activity logged and monitored.
• They employ the Zen hypervisor with some changes, such as security groups. AWS operates with the mindset that the virtual machines you deploy are your machines. Their operators have no access to your virtual machine.
• There’s no VM to VM path; they enforce traffic via isolation. They know exactly where your data is and do not allow the possibility of overlap or leakage.
• One of the features, security groups, allows you to construct your firewall rules at the console. Rather than opening up your webservers to the internet, you can create a tier above – with all of your security tools – that’s dedicated to scanning incoming traffic before reaching the webserver.
• Virtual Private Cloud: If you’d like to create a virtual private cloud with Amazon, your machines will be stored in AWS, but the end user assigns the IP address via the VPN from the router on your network to the router on AWS’s network. The only way your machines in the AWS can reach the internet is by routing out to your network then back out to the internet. Riley got excited at Amazon’s plans to increase the number of routers that lead into the VPC.
• Amazon S3: In their storage offering, intended for storage and distribution, data analysis, or disaster recovery, they employ separate policies for the container and the object within. The users are expected to define the policies separately, or all at once in the bucket policy.

Riley even had an answer for managing all of the different ways to secure your information: “Encryption is the best possible way to keep sensitive data secure.” Though data encryption has a community of skeptics, Riley proposed creating a flat file with all of your encryption codes, encrypt that file with AWS encryption to which Amazon never grants itself access, and the AWS encryption is deleted with each instance.

How other providers are walking the talk

I’ve since followed up with Rackspace’s Bret Piatt and Mashery’s Oren Michels about how they, too, are demonstrating to their customers that they are securing their data in the cloud and other services. Check back for their responses.

Melanie Yarbrough is the assistant community editor at ITKnowledgeExchange.com. Follow her on Twitter or send her an email at Melanie@ITKnowledgeExchange.com.

]]> http://itknowledgeexchange.techtarget.com/IT-watch-blog/how-amazon-web-services-protects-your-data/feed/ 0 http://itknowledgeexchange.techtarget.com/IT-watch-blog/how-was-your-manic-cyber-monday/ http://itknowledgeexchange.techtarget.com/IT-watch-blog/how-was-your-manic-cyber-monday/#comments Tue, 01 Dec 2009 18:47:34 +0000 Michael Morisy http://itknowledgeexchange.techtarget.com/IT-watch-blog/?p=341 “Cyber Monday” has come and gone, but was it just another rough Monday for you or did your network face a deluge of “recreational” traffic?

There’s been a lot of debate over the years about whether “Cyber Monday,” the online follow up to Black Friday where consumers supposedly click on to hot deals while at work, is more marketing hype than reality (coupon codes come and go, after all). This year, at least, there appears to have been some bump: Coremetrics reports sales were up 11%. The real day to watch out for? December 17th, the last day for free shipping to arrive by Christmas for most Amazon purchases:

How was your Cyber Monday? And how are you handling holiday shoppers, whether they sap productivity in a trickle or a torrent? Let me know at Michael@ITKnowledgeExchange.com.