Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

Counterfeit gear in the cloud

Published 05/26/2010

Counterfeit gear in the cloud

One of the best and worst things about outsourced cloud computing (as opposed to in house efforts) is the ability to spend more time on what is important to you, and leave things like networking infrastructure, hardware support and maintenance and so on to the provider. The thing I remember most about system and network administration is all the little glitches, some of which weren't so little and had to be fixed right away (usually at 3 in the morning). One thing I love about outsourcing this stuff is I no longer have to worry about network infrastructure.

Assuming of course that the cloud provider does a good job. The good news here is that network availability and performance is really easy to measure, and really hard for a cloud provider to hide. Latency is latency, and you generally can't fake low latency networks (although if you can please let me know! We'll make millions). Ditto for bandwidth, either the data transfers in 3 minutes or 4 minutes, a provider can't really fake that either. Reliability is a little tougher since you have to measure it continuously to get good numbers (are there short but total outages, longer "brownouts" with reduced network capacity, or is everything actually working fine?). But none of this takes into account or allow us to predict the type of catastrophic failures that result in significant downtime.

One way providers deal with this potential problem is simple: they buy good name brand gear with support contracts that guarantee replacement times, how long it will take a engineer to show up, etc. But this stuff is expensive. So what happens if a cloud provider is finds, or is offered name brand equipment at reduced, or even really cheap prices (this does happen legitimately; a company goes bust and stuff is sometimes sold off cheap). This stuff isn't under a support contract and is not up to the same specs as the real stuff meaning it is more likely to fail or suffer problems, causing you grief.

How do you, the cloud provider customer, know that your provider isn't accidentally (or otherwise) buying counterfeit network gear?

Well short of a physical inspection and phoning in the serial numbers to the manufacturer you won't. Unfortunately I can't think of any decent solutions to this, so if you know of them or have any ideas feel free to leave comments or email me, [email protected].

Feds shred counterfeit Cisco trade - With a new conviction today, the federal action known as Operation Network Raider has resulted in 30 felony convictions and more than 700 seizures of counterfeit Cisco network hardware with an estimated value of more than $143 million. -By Layer 8, Network World

Yikes.

Share this content on your favorite social network today!