Monday, September 17, 2012

Have it your way: A story about McDonald's, burnt Apple pie, Go Daddy and your data.


Who is responsible for keeping the cyber highways safe?
Everyone knows using the Internet is a security risk. There are people who make a living, a very good one at that, exposing weaknesses on the web. The Internet is a security risk because your information, your life in essence, is dispersed all over the World Wide Web. Depending on where it is, it may be easier or harder to get at.

We have companies like Go Daddy. If I were to make an analogy, I would equate the company to the road to stores in the real world. Think of them as kind of like a national highway system of cyberspace that started in a dozen places.

If any one of those dozen or so starting points was shut down for construction, or say, destroyed by an explosion, failure, or whatever, then you couldn't get to anything along that highway. You'd have to reroute or sit idle in traffic for endless hours, maybe even days, until the authorities and emergency crews cleared up the mess.

To take the transportation analogy a step further, because the magnitude of its power is so significant, think of Go Daddy's recent DNS shutdown as something akin to a major hub airport being shut down.

When a major hub, one of dozens around the world, is shut down, everything reroutes; an entire segment of the country (maybe even a continent) and all the related connector hubs go to hell. That's exactly what happened to our data that was riding on the 'cyber-transportation system' last weekend. The JFK of the Internet went down and, although the repercussions were 'minor' in comparison to a major, physical catastrophic event, they were still significant.

Thousands, if not millions, of emails were not delivered or were delivered after their intended landing time, causing delays in time-sensitive confirmations, planning, and business/personal matters relying on that on-time schedule. Businesses were calling for roadside assistance to anyone who would listen, often getting a busy signal or no dial tone at all.

Yep. It was kind of like an earthquake shutting down the 405 in Los Angeles during rush hour. Millions stranded, with no cell service, and no way to remedy the situation except wait, hope, and maybe call on some deity for a resolution.

Then there are companies like Apple. They probably hold a significant majority of the country's (if not the continent's/world's) credit card information. Apple's recent UDID security breach compromised a huge number of customer accounts. They blamed the FBI. The FBI said, 'It wasn't us.'

When Apple is compromised, an insane amount of personal information gets out into cyberspace for all to see, potentially creating a huge number of opportunities for cyber criminals and connections to non-affected but linked accounts.

We, the consumers, rely on these mega companies. While huge in revenue, these two companies actually hold infinitely more power to affect our lives than, say, if all of a sudden the McDonald's POS system went down worldwide.

With McDonald's, a POS system shutdown would be an inconvenience, but the results would not be catastrophic. If all of your credit card data in that POS were compromised, then we could talk.

I am not saying the recent security breach at Apple and the failure at Go Daddy are catastrophic. You can't go to another website. You need your bank or your airline or any other critical, but unique, service when you need it. You expect the bureaucracy of McDonald's; you expect reliable, familiar services as a consumer, no matter where you are in the country or world.

Should companies with such power be held to a significantly higher bar when it comes to reliability and safety? I'm willing to bet the government doesn't regulate the availability of McDonald's POS system, but they do oversee the airline systems and the registrars. They even regulate the data that we can and cannot disclose as a technical resources firm.

In my opinion, these companies, by their very nature as online companies, have a different kind of obligation. And the obligation will become larger and more important as we move forward.

I am not at all calling for government regulation.

If what Go Daddy did was so bad, wouldn't people change? How much were people truly impacted by the event? How much of it was media sensationalism and what was the actual cost of the event?

Companies such as these should realize their responsibility and accept that they are highly impactful in more ways than they can fathom. We, as consumers, have the responsibility to let them know how important reliability and security are to us.

There will be more events like these. Some may be more significant. The next time the 'big data POS' goes down, you could always head over to Burger King.