Failure and Theft in the ECRM Cloud

By Dan Elam posted 10-12-2011 11:28



From Twitter:  “How do two Blackberry users talk to each other?  They don’t”.

The week isn’t half over and it has already been an important one from a cloud perspective.  At the top of the list is RIM’s Blackberry outage from an infrastructure failure that first brought down large parts of Africa and the Middle East before spreading to Europe and finally North America.  The timing for RIM couldn’t be worse as Apple finally turns on their iCloud service with the promise to move millions more users to the cloud.  New ECM-darling and cloud vendor announced that they had received $81M in new venture capital funding, but the bigger news reported by Forbes was that they turned down a rumored whopping $600M purchase from Cisco.

Cloud is the hottest segment of the market and the deal is staggering. is still a little company today and to put this valuation in perspective, Documentum sold to EMC for $1.7B and Filenet sold to IBM for $1.6B.  Documentum and Filenet were both much larger companies with mature products, revenue streams, and sales forces.  Today, is the most valuable company in the ECRM industry per dollar of revenue.  No one else is even close and the reason is their relatively simple approach to ECRM in the cloud.  Cloud isn’t just the future – it is today.

The growing dependence on the cloud continues to raise issues, however.  The Wall Street Journal rarely reports when a corporate IT department has a server crash that affects an isolated company for a few hours, but when a big infrastructure player like RIM announces that Blackberry users can’t get email then you are talking about continuous TV coverage about the Crackberry users.  Even worse, the outage has lasted multiple days and many would argue that Blackberry support is a mission-critical application.

Apple makes their bet on cloud by finally removing the PC and iTunes and allowing users to keep all their documents, music, video, and email in the cloud.  Apple understands the value to users (and, not coincidentally, themselves by keeping 100M users locked into their ecosystem), but what is less clear is what happens when Apple suffers a cloud failure when the cloud is an integral part of the device.  Apple’s new Siri intelligent agent service only runs partially on the phone – the rest runs on the cloud.  If the cloud goes down, so does Siri.  In a “post-PC” world, losing even temporary access to your content can have enormous implications.  To be fair, every cloud vendor and every internal ECM application has the occasional failure, but when Apple has their first big failure it is going to prompt a lot of companies to rethink how they collaborate and make use of public cloud infrastructures.  (The irony is that much of Apple’s cloud actually comes from Amazon and Microsoft and thus Apple is at the mercy of two of their biggest competitors.)

But the cloud going down isn’t the only worry.  As cloud applications become increasingly centralized, they become targets for hackers.   Today, a hacker is unlikely to target your internal ECRM servers because it is hard, and let’s face it, you have a lot of boring data.  The odds are low for them to get anything meaningful that they can make money from.  It is hard for them to break into your system and so it isn’t worth the effort.  That is changing and cloud is a particular vulnerability.  As organized crime and governments move into this space, the ECRM clouds will be natural targets.

Recently the world’s most damaging virus was defeated by using a combination of legal and technical strategies.  The “Rustock” virus was a botnet infecting millions of computers which acted as zombies to send out a whopping 39% of the world’s email spam.  The virus and its own server infrastructure likely cost millions of dollars to develop, but that pales in comparison to the estimated $10M per month that was being made by suspected members of the Russian mafia.  A more targeted attack could easily go after an ECRM cloud in an attempt to capture information and extort data.

Think such a targeted attack is too sophisticated?  Not for some!  Israel is suspected of creating one of the world’s most sophisticated and targeted viruses ever produced.  Iran has been using German-made centrifuges to enrich uranium.  The centrifuges rely on a specific model of a Siemens programmable logic controller.  Ironically, the Israeli nuclear program uses the same centrifuges – with the same Siemens chips.  The Stuxnet virus was designed to infect only those centrifuges using those chips which meant that Iran’s nuclear complex was not only the target, but one of the few places in the world that could have actually been infected.  The virus infected 60,000 computers in Iran, but waited until it finally found the computers attached to the centrifuges.  Unlike a targeted virus that might be used to send data from the ECRM cloud, the Stuxnet virus made the centrifuges spin faster than they were designed and literally caused 6,000 devices to destroy themselves.  At the same time, the virus sent messages to the plant operators saying that everything was operating normally.  Such a sophisticated virus would have cost an estimated $3-10M – a fraction of the cost of a single airstrike that wouldn’t have been nearly as effective.

This week there are confirmed reports that the fleet of Predator drones out of Nevada’s Creech Air Force Base has been infected with a key-logging virus and the military is struggling to remove the virus.  Already the live video feed from many of the drones can be hacked with a simple $26 piece of software – enabling terrorists to have a real-time video feed of the drone as it flies to attack them.  The key-logging virus appears to be benign, but a more sophisticated virus might include alerts to enemies or even allow the drones to be taken over remotely and used to attack US forces.

These sophisticated attacks are more likely to be used against the cloud once the value of the content is worth enough to justify the expense of hacking and writing the Trojan-horse viruses.  Companies like RIM, Amazon, Microsoft, Apple, and others are well-equipped to fight back, but only once they recognize the threat.  The bank robber “Slick Willie” famously said he robbed banks “because that’s where the money is”.  Willie’s ROI-based theft actually led to today’s “Willie Sutton rule” in accounting and management consulting to focus on cost reduction of the areas of highest costs.  As those who look to profit from accessing corporate and government data will soon realize, the cloud is a far richer target than a single company’s repository.
