April 23, 2011 By Dan Lohrmann
There’s a popular sports adage that goes something like: “You’re never as good as you look when you’re winning, and never as bad as you look when you’re losing.” I’m not sure who said it first, but I think the wisdom applies beyond sports to many aspects of life and business – including the management of computer operations connected to the global Internet in 2011.
Make no mistake, the latest Amazon’s Elastic Compute (EC2) outage is a very big deal. Global coverage has landed on the front pages of major newspapers and magazines. A Forbes blog boldly proclaimed, “The Day The Cloud Died.”
CNNMoney.com described some of the impacts in an article entitled: “Amazon EC2 outage downs Reddit, Quora.” The article begins by displaying a tweet which says, “The sky is falling! Amazon’s cloud seems to be down (raining?) so we’re experiencing some issues too. Be back soon!”
As of Saturday morning April 23, the Amazon Web Services Health Dashboard, still showed the Amazon Elastic Compute Cloud (N. Virginia) as being red with a status of “Instance connectivity, latency and error rates.”
Government Technology Magazine online initially covered the story two days ago, stating, “Since its launch in 2006, Amazon EC2 has been one of cloud computing’s greatest success stories.”
Even from as far away as Australia (the outage was in northern Virginia), ZDNet exclaimed, “Amazon Outage ends cloud innocence.” Here’s an interesting quote from that article:
“Cloud computing learned the harsh reality of resiliency as Amazon Web Services' outage crossed into its second day. Meanwhile, start-ups and a host of other AWS customers are in uncharted waters….
Given that AWS' North Virginia data center has been out of whack for more than 24 hours, following a ‘networking event’ that led to problems with how data is mirrored, it's clear you need to procure more than one cloud. You need a backup for your cloud provider's backup.”
It’s clear that this week’s outage has shaken trust in cloud computing – again. No, this is not the first time. Indeed, if you try a Google search with the words “Amazon Outage,” you are offered choices in 2008, 2009, 2010 and 2011. However, this latest Amazon “cloud earthquake” (or if you prefer Tsunami) looks to be much bigger than anything before - with significantly wider customer impact and more world-wide attention.
While some competitors are no doubt smiling as an industry cloud leader like Amazon takes a beating, I expect other large cloud providers to quickly try to limit the damage to the red hot cloud marketing label. They will tell us why their products and services are different and/or why this type of incident could never happen to them. Don’t believe such bold statements. We've learned multiple times over the past few years that the best-known providers such as Google, Microsoft and even outsourced public sector data centers experience major unplanned outages that impact customers.
Indeed, this article by ITWorld.com points out the importance of cloud computing architectures & building redundancy into your technology design:
“Netflix, a large AWS user has institutionalized this in their deployment model. In fact they frequently let loose their Chaos Monkey that constantly forces random failures of even stable AWS instances to ensure recovery. Unlike Foursquare, Quora and Hootsuite, Netflix did not report any failures during the current AWS east region outage. Recovery.gov a prominent federal government website running on AWS, also recovered quickly and gracefully in another AWS region.
So while the failures have been catastrophic, perhaps embarrassing and will hopefully prompt a review of application deployment and recovery strategies, they are not serious enough to change the dynamics of cloud adoption in short or long term. The benefits of on-demand cloud infrastructure -- such as rapid cycle time, lower capital costs and utility pricing models -- remain strong cloud drivers today, just as they were last week.”
I agree with the author Ahmar Abbas’ final assessment. The Cloud will move beyond this situation and be just fine - with customers adjusting and implementing needed design modifications. Amazon will probably come back stronger. Services may cost a little more for customers, but new, secure, cloud offerings are the future for all of us. In the meantime, private cloud adopters will temporarily gloat and say, “I told you so.”
So my advice to public sector leaders is to move ahead on cloud computing plans as before, with appropriate caution. Look at the many private cloud options (like our current Michigan MI-Cloud) or hybrid public/private alternatives. Keep watching the FedRAMP progress for secure opportunities to improve efficiency.
But taking a big step back, this Amazon situation is just another example from this blog’s opening words. Pride comes before a fall in all areas of life. Smart people know that no cloud vendor is perfect or invincible. The number of large-scale breach announcements should teach us that.
We can also learn this same lesson from sports. If, despite the claims of the best experts, the New York Yankees with their huge payroll can get rocked by the Texas Rangers in the American League Championship Series in 2010, a major cloud provider like Amazon can – and will - go down as well. Yes, it will happen again to another cloud provider, so get used to it.
When expectations are too high, bad things happen – even to the top sports teams. Likewise, the best global corporations sometimes perform poorly, despite their focused efforts. We must prepare for the unexpected – even in the cloud.
April 11, 2011 By Dan Lohrmann
How important is social networking to leading companies right now? Very important. In some cases, it may even be the most important priority.
"It's a firm wide initiative across Google," said Colin Gillis, an analyst at BGC Financial. "There's no greater way to signal the importance of this than tie everyone's pay to it."
I know, Google is selling their products & services in competition with Facebook and others. But social media is also a top priority for small businesses as well as for large private enterprises seeking to gain a competitive edge. While social media is very hot today, this trend actually started to develop several years ago.
But how much social networking is right for governments? No doubt, we are in tight budget times, and the ROI from social media investments is difficult to quantify. While defining and refining your social networking strategy may be difficult for leading private sector businesses, the business opportunities and issues are no less complex or less important for governments.
I’m not talking about building more mobile apps for various government services – although social networking can help market those apps. Nor am I talking about whether politicians should have a Facebook page. Those ships have already sailed.
The question is: what is the priority of social networking for various government business areas? How should government employees be using social media? As governments participate in Government to Government (G2G), Government to Business (G2B) or Government to Citizen (G2C) interactions, how do you measure success? Bottom line, what’s the right strategy for governments?
There are many different answers to this question.
Some state and local governments have barred social networking sites altogether. Citing security risks, fears around data ownership or public perception challenges, they block most or all social network access at work.
Others use government-specific social media sites, such as Govloop.
Most federal government agencies are now embracing Facebook, Twitter and other social media sites. Yes, there are a few simple rules, but it seems likely that social networking is (or will become) as popular as smart phones and tablet PCs at the office. It’s pretty clear to me that the momentum is in the direction of widespread adoption of social networks in governments around the world.
Of course, as with other technological advances, there will be misuse and even abuse of social networking tools. Effective interpersonal communication is always hard to implement. Governments, like private sector businesses, needs to be the appropriate level of accountability put in place surrounding acceptable use and more. Nevertheless, social media is hot and getting hotter.
I think it’s time for state and local government agencies to reexamine these social networking trends and build new strategies to engage partners with social media.
What's you opinion?
March 27, 2011 By Dan Lohrmann
What is FedRAMP? How does it help with cloud-computing environments? Can we use it here in our state? I expect these questions will be asked across America over the next few years in the halls of state and local governments.
The federal government is well down the path to defining security controls required in cloud computing. State and local government officials need to take notice and leverage this excellent federal work. If not, the many benefits of cloud computing will be overcome by the tough challenges in this new environment.
The Federal Risk and Authorization Program (FedRAMP) is a “risk management program for large outsourced and multi-agency information systems used by the U.S. government.” FedRAMP was created to support government cloud computing plans.
According to Techtarget.com:
“FedRAMP is intended to facilitate the adoption of cloud computing services amongst federal agencies by evaluating those services offered by vendors on behalf of the agencies. The evaluations will be based on a unified risk management process that includes security requirements agreed upon by the federal departments and agencies. Because the services are vetted by FedRAMP, each agency does not need to conduct its own risk management program. This reduces duplication of effort, the time involved in acquiring services and costs.”
In my view, this detailed work is exactly the kind of effort that governments require across all 50 states. While there will no doubt be a need for some local tweaking, the same processes and procedures used for the FedRAMP program can benefit state and local government around the world - and not just in the USA.
At a recent symposium on high-performance cloud computing, Dave McClure, a General Services Administration expert on FedRAMP, told the audience that five new tiger teams with representatives from across government are working to improve FedRAMP based on feedback submitted from the public. These teams are working on (at least) seven improvements to the program.
According to Government Computer News (GCN), the improvements will address these seven issues:
1) Too many controls and controls for different risk levels.
2) More guidance on third-party assessors’ independence.
3) Continuous monitoring raises data concerns.
4) What is the role of the Joint Authorization Board?
5) What will be the role of government security operation centers?
6) How does the government ensure that FedRAMP is complaint with the Trusted Internet Connection?
7) What are the different security controls for the different cloud delivery models – Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS)?
I urge readers to learn more about FedRAMP – especially if you are implementing cloud computing initiatives and exploring opportunities. Efforts are underway by the National Association of State Chief Information Officers (NASCIO) to work together with GSA and others in the federal government to leverage contracts, standards and more in the cloud.
The issues that Dave McClure recently discussed are the same issues that are bound to cause state and local governments to stumble in the cloud in the near-term. Security, privacy and legal concerns regarding cloud computing must be (and can be) addressed holistically. Let’s apply that famous 80-20 rule and get onboard this ship to the greatest extent possible. We will save time and money if we do.
How? What are next steps? It starts with education – learn about and become engaged with current activities.
Now what did FedRAMP stand for again?
March 20, 2011 By Dan Lohrmann
Microsoft released the new Internet Explorer (IE) 9 browser this past week, and government enterprises across the world now have another important product decision to make.
According to USA Today, “IE still holds a 54.3% market share, followed by Firefox (17.8%), Chrome (9%) and Safari (5%), according to Net Applications. It remains to be seen whether IE9 — which only works on Windows 7 and Windows Vista PCs; Windows XP users must stick with IE8 — can stem IE’s steady market share decline…. IE9’s distinguishing capabilities is the inclusion of a ‘Do Not Track’ privacy mechanism that’s similar to a privacy feature introduced by Chrome.”
Many governments are still in the process of upgrading off of older operating systems and non-supported IE (and other vendor) browsers. Windows XP support ended last year, and support for IE6 also ended in 2010. Still, many state and local governments are using these products.
Meanwhile, the latest Firefox, Google Chrome and Apple Safari browsers also offer new functionality and will continue to push the innovation envelope and ensure that new features are available to users going forward. This ongoing competition will not be ending anytime soon.
There are several browser comparison charts like this one from Top Ten Reviews and this chart from Microsoft which are available to compare various features. As you review your options, remember to take into account vendor bias on website content.
In Michigan government, we have teams that test various browsers with different applications to ensure that our users can reliably upgrade. This process is time-consuming and rather difficult for some – but needed to ensure that mission-critical applications still work after browser upgrades.
What I am doing at home? I will be downloading IE9 on my family computers and trying out the new browser for myself. This is becoming a regular pattern in our home.
Any thoughts on the new IE9 release? What is your government doing?
March 12, 2011 By Dan Lohrmann
As Japan strives to recovers from the devastating earthquake and tsunami, global governments are sending aid in a variety of forms. From emergency relief personnel, food, water and equipment to technical assistance in search & rescue operations and reestablishing critical infrastructure, the needs are great. But what are governments and individuals doing now? How are we helping both individually and corporately?
Actions Already Taken
"(First Lady) Michelle (Obama) and I send our deepest condolences to the people of Japan, particularly those who have lost loved ones in the earthquake and tsunamis.
The United States stands ready to help the Japanese people in this time of great trial. The friendship and alliance between our two nations is unshakable."
The President offered US military relief assistance to the Japanese people. After ensuring that their own equipment and personnel were safe, the Navy is sending in teams to assist in the relief efforts.
Emergency relief organizations are mobilizing support teams now, and any efforts to travel to the affected areas should be through globally recognized disaster relief teams. Many state and local governments assist in these teams through US and international mutual aid agreements.
However, the effects of this natural disaster in Japan were also felt world-wide yesterday. Tsunami warnings and advisories were issued in Hawaii and up and down the West Coast. Local officials were sending out alerts and reacting to the latest news and conditions. Rescue efforts occurred in many US States. However, California and Oregon sustained most of the tsunami damage on US soil.
Here’s a quote from one local official:
“While the impact of this incident in Japan is catastrophic, the impact here is minimal,” said Schaefer in the message. “None-the-less this serves as an excellent reminder to be prepared for the large scale earthquake that may some day strike California.”
How to Give
If you want to make personal donations, Global Post made a plea to give money, not stuff. Here’s why:
“… If you’re considering doing your part, that’s great. But, experts say, whatever you do, don’t donate anything but money. Under no circumstances should you mail care packages, toys, food or clothes. Don’t even think about sending drugs. The response to prior disasters shows that regardless of your intentions, you will only be making matters worse.
That’s what happened in the aftermath of the December 2004 tsunami. The disaster was followed by an unprecedented outpouring of global generosity. This dramatically facilitated the grisly chore of cleaning up the tens of thousands of bodies left under the tropical sun, and it funded a reconstruction effort that, while far from perfect, provided roofs over the heads of many.
But aid workers joked that the real tsunami was followed by another tsunami — of misguided goodwill…”
But what is the best way to give? Government Computer Newsrecommends the Red Cross and a few other traditional aid organizations:
“… The Red Cross has a donation line set up via text message that enables $10 donations to the organization by texting REDCROSS to 90999. The Red Cross has teamed up with mobile donation provider mGive to provide this service. UNICEF, Doctors Without Borders and AmeriCares also collect donations for relief efforts….”
Technological Role in Responding to Disasters:
New tools are being used in the recovery effort. Google’s People Finder as Twitter (and local variants) are helping to locate loved ones in Japan. The Web is now helping in a variety new ways during emergencies. Here are a few examples:
“Global web giant Google's person finder service had notched up over 45,000 records of people leaving messages seeking information on friends and family, or providing information about people in the disaster zone, by 1130 GMT.
The site was updating, in English and Japanese, by the hundred every few minutes.
A random search for the common Japanese surname "Sato" brought up hundreds of results, many of them for people living in Sendai -- the city that faced the brunt of the thunderous body of rolling water…”
But Watch Out for Scams
The Internet is full of pictures, videos and stories related to the 8.9-magnitude quake, which unleashed a 10-meter tsunami that washed away homes and tossed cars and boats. However, global disasters often lead to global scams and email phishing attempts taking people to fraudulent websites. Numerous scams have already been reported, and Security Week warned of a massive increase in new scams in coming weeks.
These scams are expected to be delivered via social networks such as Facebook and other popular websites, emails and other channels. Don’t trust web links in unsolicited emails asking you to give. It is best to type in the URL (Web address) yourself and go to a reputable organization.
Prepare by Training
This tragic situation underlines the need for federal, state and local emergency response teams to be prepared. Events on the other side of the world are the same events that affect us in the USA. Governments must always be prepared to respond, regardless of financial condition or other priorities. Together, we are making a positive difference, and technology and communication support is an important element in our emergency response.
Update on March 13
The LA Times is reporting that: Aftershocks, infrastructure damage hamper relief efforts. The scale of the devastation is immense, and numerous countries and relief organizations are sending in support. Our thoughts and prayers go out to those impacted by this disaster.
Building effective virtual government requires new ideas, innovative thinking and hard work. From federal stimulus projects to enterprise architectures to cloud computing, Dan Lohrmann will discuss what's hot and what's not in the world of technology infrastructure.