Editor’s Note: Welcome to our weekly Reader Forum section. In an attempt to broaden our interaction with our readers we have created this forum for those with something meaningful to say to the wireless industry. We want to keep this as open as possible, but maintain some editorial control so as to keep it free of commercials or attacks. Please send along submissions for this section to our editors at: [email protected] or [email protected].
In October 2009, T-Mobile USA was forced to halt sales of its Sidekick phones after subscribers’ personal contacts, calendar entries, to-do lists and photos were lost in a server failure at Microsoft/Danger, which makes the phone. When operating properly, Sidekick phones retrieve the data that feeds the contact, calendar and list functions from the “cloud” after an event such as a phone reset. According to a Microsoft statement, the outage stemmed from “a confluence of errors from a server failure that hurt its main and backup databases supporting Sidekick users,” and, regarding the recovery of subscribers’ personal information, “the likelihood of a successful outcome is extremely low.”
Careful examination of the past reveals that this incident is not an isolated one. Also in October, U.S. cloud storage supplier SwissDisk suffered a catastrophic hardware failure that left users unable to access their data. SwissDisk offers accessible, easy-to-use, encrypted filesystems for online storage and backup; its hosted, subscription-based service gives consumers and small businesses easy access to their confidential data. All of SwissDisk’s customers’ data was lost during the failure.
In September 2009, when Palm performed a webOS 1.2 update, the company’s cloud-based servers failed, taking the Updates, App Catalog, and Backup features offline. All the personal data on Sprint subscribers’ phones remained intact, but when the Backup feature came online, accessed the phone to perform its nightly backup and found that the server was down, it assumed that the Palm Profile it was running (i.e. the subscriber’s data) was invalid and performed a factory reset. The result was a wiped-clean Palm Pre that was rendered useless until the problem was resolved. Subscribers’ data eventually was recovered and restored once the servers came back online, but the loss of data was real, even if only for a short time.
In October 2008, Deutsche Telekom said it lost personal data for approximately 17 million T-Mobile Germany customers in spring 2006.
These losses were the result of carriers that were migrating their technology in an attempt to offer their subscribers upgraded, enhanced services, which is both a necessary effort and worthy cause. With the Sidekick phones and Palm Pre phones, these issues were partially or completely resolved.
These losses demonstrate the need for the highest standard of security for subscribers’ personal data, especially when many industry players still are wrapping their arms around the concepts of cloud computing and data redundancy. In addition, lost customer loyalty will result from violating the subscribers’ trust that their information is safe and protected.
To ensure the proper high levels of security, any secure system for subscribers’ personal information should involve the following “layers” of security management:
1. Secure transmission. Because synchronizing subscribers’ personal data between multiple mobile and computing devices happens over the Internet, a synchronization service/application should employ Secure Socket Layer (SSL) to create a secure session between a device (e.g. mobile phone, laptop, desktop PC) and a cloud-based storage data center. Using this technology, coupled with a password-hashing routine such as SHA-1 so that the login credential itself is never stored in clear, personal data stored in the data center is kept encrypted and is unreadable to everyone – including the staff that manages it – and can only be retrieved with the proper encryption key.
One helpful hint regarding data transfer over the Internet: carriers and cloud-storage vendors will use either 56- or 128-bit key encryption depending on a subscriber’s geographic location. (Of course, the use of 128-bit key encryption is subject to restriction in certain countries under U.S. encryption export law.)
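The following is an added example, not code from the original column or from any carrier or vendor named in it. It shows the two pieces of the first layer that are easy to conflate: the password is stretched and hashed for login, while a separate key derived from the same password encrypts the subscriber’s records on the device before they are sent. The data center holds only a salt, a hash of the login key and an opaque blob, so its staff can verify a login but cannot read the contacts. The transport is assumed to already be SSL/TLS (not modelled here); the `DataCenter` class, the `device_*` helpers and the sample contact list are constructed for the example, and the HMAC-based stream cipher stands in for a vetted authenticated cipher such as AES-GCM because the Python standard library has none.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed parameter for this example; production services tune this to their hardware.
PBKDF2_ITERATIONS = 100_000


def derive_subkeys(password: str, salt: bytes) -> dict:
    """Stretch the password once with PBKDF2, then split it into three unrelated keys.

    auth: sent to the data center as the login credential (it is hashed again there)
    enc:  encrypts the subscriber's records on the device
    mac:  authenticates the ciphertext so tampering is detected on restore
    Knowing 'auth' does not reveal 'enc' or 'mac', so the data center can check
    a login but cannot decrypt the stored records.
    """
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {label: hmac.new(master, label.encode(), hashlib.sha256).digest()
            for label in ("auth", "enc", "mac")}


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in for a real block cipher)."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def seal(keys: dict, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC on the device: returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    stream = _keystream(keys["enc"], nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(keys["mac"], nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(keys: dict, blob: bytes) -> bytes:
    """Verify the tag first; a modified blob is rejected rather than decrypted."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(keys["mac"], nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("record blob failed integrity check")
    return bytes(c ^ k for c, k in zip(ct, _keystream(keys["enc"], nonce, len(ct))))


class DataCenter:
    """Constructed cloud side: per user it stores a salt, a hash of the auth key and one opaque blob."""

    def __init__(self) -> None:
        self.accounts: dict = {}

    def register(self, user: str, salt: bytes, auth_key: bytes) -> None:
        self.accounts[user] = {"salt": salt,
                               "auth_hash": hashlib.sha256(auth_key).digest(),
                               "blob": None}

    def salt_for(self, user: str) -> bytes:
        return self.accounts[user]["salt"]

    def _check(self, user: str, auth_key: bytes) -> bool:
        acct = self.accounts.get(user)
        return acct is not None and hmac.compare_digest(
            acct["auth_hash"], hashlib.sha256(auth_key).digest())

    def put(self, user: str, auth_key: bytes, blob: bytes) -> bool:
        if not self._check(user, auth_key):
            return False
        self.accounts[user]["blob"] = blob
        return True

    def get(self, user: str, auth_key: bytes) -> Optional[bytes]:
        if not self._check(user, auth_key):
            return None
        return self.accounts[user]["blob"]


def device_enroll(dc: DataCenter, user: str, password: str) -> None:
    salt = os.urandom(16)
    dc.register(user, salt, derive_subkeys(password, salt)["auth"])


def device_backup(dc: DataCenter, user: str, password: str, contacts: bytes) -> bool:
    keys = derive_subkeys(password, dc.salt_for(user))
    return dc.put(user, keys["auth"], seal(keys, contacts))


def device_restore(dc: DataCenter, user: str, password: str) -> Optional[bytes]:
    """Returns the contacts, None on a failed login, or raises if the blob was altered."""
    keys = derive_subkeys(password, dc.salt_for(user))
    blob = dc.get(user, keys["auth"])
    return None if blob is None else open_sealed(keys, blob)
```

The design point is the key split: if the data center’s account table leaks, an attacker learns salted hashes and ciphertext, not passwords or contacts, and the integrity tag means a corrupted or altered blob is refused on restore instead of silently overwriting the phone.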
2. Fail-safe architecture. Another critical requirement is a distributed, redundant cloud architecture that is not completely dependent on the integrity of the cloud. In the case of the Sidekick and Palm Pre data losses, the architecture relied on a “single-cloud configuration.” In other words, the device had to be connected to the cloud to function. Thus, when the single cloud failed, the data was partially or completely lost, and the device was rendered non-operational.
Distributing data across multiple clouds that can be synchronized to prevent overwriting of more current data with old information is vital. In this case, the term “multiple clouds” refers both to a redundant server architecture (described further below) as well as other storage options that can be synchronized.
An example of a “multiple-cloud arrangement” can be found with a subscriber’s network address book (NAB), a multi-service contact sync application that can serve as the critical repository for contact information on a phone.
If the NAB were stored in three places – in the cloud, within a mobile device, and at each original source of contact information, also known as an “endpoint” (e.g. e-mail, mobile or Internet service, social network, other media device, etc.) – and one source failed, then data could be restored from either of the other two sources. An iPhone contacts list has similar redundancy when coupled with Apple’s MobileMe application, a service that pushes new e-mail, contacts, and calendar events “over the air” to all of a subscriber’s devices to synchronize their iPhone, Mac, and PC.
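Here is an added example of the three-way synchronization the text describes; it is not code from the column, from Palm, from Apple’s MobileMe or from any NAB product. Every contact carries a version number that the editing store increments, so a merge keeps the newest copy of each record and old data can never overwrite newer data. Two failure modes from the incidents above are handled explicitly: a store that is unreachable is passed as `None` and contributes nothing (it is not treated as an authoritative “empty profile”, which is what turned the Palm Pre outage into a factory reset), and a deletion is recorded as a versioned tombstone so that restoring from an older replica does not resurrect it. The `Contact` type, the store names and the sample records are constructed for the example; tie-breaking between two concurrent edits with the same version is left to store order and is not the point here.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional


@dataclass(frozen=True)
class Contact:
    name: str
    phone: str
    version: int           # bumped by whichever store edits the record
    deleted: bool = False  # tombstone: a deletion is itself a versioned edit


# One store's copy of the address book, keyed by a stable contact id.
Replica = Dict[str, Contact]


def merge(replicas: Dict[str, Optional[Replica]]) -> Replica:
    """Keep, for every contact id, the copy with the highest version.

    A store whose copy is None is unreachable: its state is unknown, not empty,
    so it is skipped instead of being allowed to vote for "no contacts".
    """
    merged: Replica = {}
    for store, copy in replicas.items():
        if copy is None:
            continue
        for cid, contact in copy.items():
            current = merged.get(cid)
            if current is None or contact.version > current.version:
                merged[cid] = contact
    return merged


def visible(book: Replica) -> Replica:
    """The book as a subscriber sees it: tombstoned records are hidden."""
    return {cid: c for cid, c in book.items() if not c.deleted}


def sync(replicas: Dict[str, Optional[Replica]]) -> Replica:
    """Merge all reachable stores and bring each of them up to the merged book in place.

    Unreachable stores are left untouched and catch up on a later run; a reachable
    store that came back empty (e.g. after a data-center loss) is simply refilled.
    """
    merged = merge(replicas)
    for store, copy in replicas.items():
        if copy is not None:
            copy.clear()
            copy.update(merged)
    return merged


def edit(replica: Replica, cid: str, **changes) -> None:
    """Apply a local edit in one store, bumping the version so it wins on the next merge."""
    old = replica[cid]
    replica[cid] = replace(old, version=old.version + 1, **changes)


def delete(replica: Replica, cid: str) -> None:
    edit(replica, cid, deleted=True)
```

Run against the scenarios in the text: with the cloud down, the device and endpoint copies still reconcile; with the cloud back but empty, it is refilled from the other two; with the device wiped and the cloud unreachable, the endpoint alone restores the book.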
3. “Always up” secure network. The network architecture should provide redundant connections to the Internet to ensure 24×7 “always up” service. The architecture should be based on the industry standard known as “n+1” redundancy, in which at least one more server than the load requires is provisioned so that individual servers can be upgraded and maintained without affecting service, and RAID technology should provide up-to-the-second redundancy of data.
Where carriers and cloud-storage vendors place their firewalls in close proximity to public and private Internet exchanges, there should be more than one firewall between those exchanges and subscribers’ personal data, so that no single firewall is the only barrier against hackers. This configuration ensures the highest standard of security.
From a physical security standpoint, a data center should be equipped with safeguards to enable the highest possible physical security and safety. Features such as 24/7 security controlled access and monitoring, climate control, and heavy-duty steel cages and locks for housing all networking equipment, servers, and data storage should be prerequisites to keep personal data safe and prevent physical access to it.
While subscribers may not think about a carrier’s security standards and assume “everything is okay,” the impact on brand and customer loyalty when their personal data is lost can be extremely detrimental and irreversible. Carriers and cloud-storage vendors must consider highly secure transmission processes, fully redundant networks, and the speedy retrieval of information when needed.
Reader Forum: Creating a secure, redundant cloud-based solution for subscriber data