As most of you know by now, I’ve been slowly working in my spare time on a dot-com project. I haven’t knuckled down to do a proper risk analysis yet — let’s face it, coding is much more fun — but I’ve certainly kicked various scenarios around in my head while working on it.
So, for instance, I have design plans to use hash message digests on my server cookies, SSL encryption for most of the core components, outsourcing credit card management, keeping dollar amounts low to reduce the incentive for fraudulent card users, and so on and so forth. There are heaps of nasty things that could happen.
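As an added illustration of the cookie-integrity plan mentioned above (example code, not the author's own), this signs a cookie value with a keyed HMAC rather than a bare hash, so a cookie whose value or tag has been altered fails verification; the secret key is a constructed placeholder.

```python
import base64
import hashlib
import hmac

# Constructed placeholder; a real deployment loads the key from server-side config.
SECRET_KEY = b"example-server-side-secret-key"


def sign_cookie(value: str, key: bytes = SECRET_KEY) -> str:
    """Return 'value.tag', where tag is HMAC-SHA256(key, value), URL-safe base64."""
    tag = hmac.new(key, value.encode("utf-8"), hashlib.sha256).digest()
    tag_b64 = base64.urlsafe_b64encode(tag).decode("ascii").rstrip("=")
    return value + "." + tag_b64


def verify_cookie(cookie: str, key: bytes = SECRET_KEY):
    """Return the cookie's value if its tag is valid, otherwise None."""
    # The tag never contains '.', so the last '.' separates value from tag.
    value, sep, _tag = cookie.rpartition(".")
    if not sep:
        return None
    expected = sign_cookie(value, key)
    # Constant-time comparison of the whole signed string avoids timing leaks.
    if not hmac.compare_digest(expected.encode("ascii"), cookie.encode("utf-8")):
        return None
    return value


if __name__ == "__main__":
    signed = sign_cookie("user=42")
    print(signed, "->", verify_cookie(signed))
    tampered = "user=43." + signed.split(".", 1)[1]
    print(tampered, "->", verify_cookie(tampered))
```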
I’ve been divided on how to manage server risks: what happens if one of my servers fails? In the early phases I’ve generally decided that this is a risk I will take on. My US provider (Slicehost) is reliable and quite capable. A search for “slicehost sucks” doesn’t turn up too many hits compared to some other firms. Slicehost manages various risks for me: power supply, fire, hardware failure, network disconnection. That’s what I pay them for, and they’re much better at it than I am.
But a few days ago the FBI swept into a Dallas data centre and took everything. And I do mean everything — every server, regardless of whose it was or what it was doing. The FBI have been known to seize individual servers or a handful here and there as part of investigations. They’ve built a rotten reputation for sitting on seized hardware for years and needing constant prodding and harassing to return it. Generally, the thinking goes, if the FBI take your stuff, you might as well write it off. It’s as good as gone.
The general way to manage FBI risk has been to prevent your server from being used for illegal purposes. Keep your server secure, keep the patches up to date, occasionally audit it, use security tools, and so on. If bad guys don’t start using your server, the FBI won’t track it down and take it.
But this is a new class of FBI risk. Now, my risk is based on the security of every server in the same data centre, which is something I cannot control. A commercial data centre could easily contain thousands of servers. A VPS provider like Slicehost could be running tens of thousands of virtual servers in a single centre. It is essentially a certainty that someone in that group has been cracked and has unwittingly started to serve illegal content.
Now I have to worry about dispersing my system across multiple data centres much, much sooner than I had planned to. Thanks a lot, FBI. You’ve basically added hours of work and a lot of extra expense to the plate of anyone who hosts servers in the USA.