Thanks for proving my fears well founded, McAfee.
A while ago, I wrote a piece about not trusting the cloud for a variety of reasons, predominately security and the potential for a third party to ruin my company whether it meant to or not. McAfee's massive blunder last week provided a case in point for that argument.
[ Get the no-nonsense explanations and advice you need to take real advantage of cloud computing in the InfoWorld's 21-page Cloud Computing Deep Dive PDF special report, featuring an exclusive excerpt from David Linthicum's new book on cloud architecture. | Stay up on the cloud with InfoWorld's Cloud Computing Report newsletter. ]
Granted, you can't really call McAfee a cloud vendor. McAfee's play is sort of the cloud model in reverse; instead of customers placing important assets on McAfee's cloud, customers download and install McAfee's software on their important assets -- desktops and servers -- and trust McAfee to issue updates without manual supervision. McAfee betrayed that trust in the worst way possible: It took down thousands and thousands of customer systems.
The same thing can and will happen to cloud vendors and their customers, but the damage could be far worse. While the McAfee debacle caused primarily Windows XP SP3 desktops and workstations to crash, servers and the corporate data stored on them were unaffected. If a similar situation were to happen to a real cloud vendor, the situation would be reversed. The time and aggravation required to reimage, repair, or reinstall hundreds or thousands of corporate desktop pales in comparison to the specter of massive data loss or long-term application and resource unavailability due to third-party problems. This should worry anyone who places trust in any cloud they don't control.
Naturally, other aspects of IT require significant trust in third-party vendors, but these areas are generally compartmentalized and can be accompanied by suitable backup strategies. You trust your storage vendor, but you also back up the data on their arrays. You trust your server vendors, but still keep spares on hand and implement virtualization or clustering to protect against hardware failure. You trust your WAN vendor, but have the capacity to deploy VPN backup in the event of a link failure.