The OVH data center disaster is shocking, but it isn’t exceptional
When images emerged of the fire at data centers in Strasbourg belonging to French cloud company OVH, it was impossible not to feel a sense of shock and horror at the scale of devastation. According to the VentureBeat report, almost 3.5 million websites were impacted. It’s thought that the disaster took down a not insignificant percentage of websites on the .fr domain.
In theory, a disaster like this can be guarded against with reliable and easily available backups. However, perhaps unsurprisingly, stories quickly emerged of organizations unable to restore data.
In some cases this was evidence of a lack of a decent disaster recovery plan — while data was recoverable, actually recovering it became a bit of a mission, meaning additional downtime — but in others it highlighted a glaring gap in any kind of backup whatsoever. For example, the game development studio behind Rust revealed on Twitter that the data it had lost was unable to be recovered. “We’ve confirmed a total loss of the affected EU servers during the OVH data centre fire. We’re now exploring replacing the affected servers. Data will be unable to be restored.”
What caused the OVH disaster?
At the time of writing, it isn’t clear what caused the fire. This in itself is somewhat concerning — it’s currently more than 48 hours since the news first broke. [Update — it’s believed that the fire was related to a recently repaired UPS — ed.] Disasters are unpredictable and usually just incredibly unfortunate events beyond anyone’s control. But when it appears to be a struggle to really get to the bottom of how and why it happened, it suggests that oversight and monitoring mechanisms are missing.
In the medium and long term that could prove to be of greater concern to OVH’s customers if the issue isn’t resolved, documented, and explained.
The impact of the fire on OVH
The impact of the fire on OVH, then, could potentially be huge. It’s an awkward coincidence that the fire happened just a few days after the company revealed it was planning to go public. Similarly, it dampens the launch of its project with Atos to build an EU-friendly cloud.
This isn’t to say that the disaster will mortally wound the company. OVH might not have the power and standing of US tech giants like Microsoft Azure and AWS, but it’s undoubtedly still powerful enough to remain resilient in the face of these sorts of events.
If anything, the more significant impact could be on perceptions of the industry — we’ve written a little bit earlier this year about the decline of trust in software, and this certainly won’t help. But while it’s important to look at how we rebuild and reaffirm trust between vendors and clients, in this instance, a sense of distrust might actually be helpful — it might force organizations to take backup and data protection far more seriously than they do currently. Paul Sawers nails it in his VentureBeat piece: “despite all the benefits that cloud computing brings to the table, companies are still putting all their trust in a third-party’s infrastructure, which is why having a robust disaster recovery plan — including data backups — is so important.”
Disaster and confusion are natural bedfellows
There’s one other aspect to this whole saga that’s easy to overlook, but nevertheless essential to note. This is the fact that disasters can lead to further confusion and turmoil. In other words, what begins as a single, awful event can be the start of further issues. This is particularly true when you consider how the situation can be exploited by cybercriminals. They know you’re vulnerable — when you’re living through a situation that is very much live, getting credible and reliable information can be even more difficult than it normally is.
OVH, to its credit, flagged this issue directly to its customers in its communications. “We ask that our customers exercise caution around the emails they receive” its press briefing read. “in times of crisis, it is common for malicious activity (phishing, spam, etc.) to increase. It is more important than ever to stay alert.”
Companies must assume responsibility for disaster recovery
The OVH fire will live on in the memory as a particularly shocking moment. It’s a reminder that data is material — something that exists somewhere, even when we’ve paid to ship it off to the ostensibly ethereal cloud. However, while the images might shock, it’s important to remember that none of this was particularly exceptional. Every company that relies on public cloud vendors must remember that they can’t outsource security. That’s something for which organizations need to assume responsibility. They can only do that by treating backup and disaster recovery with the attention and care they require.
What are firmware attacks? And why are they growing?
Can we legislate for transparency to improve cybersecurity?