August 25, 2011, 6:10 PM — In case the economy and wars and hurricanes and earthquakes where there aren't usually earthquakes have you feeling a little...insecure, Google has some good news for you.
If you're one of its Google Enterprise customers, it has you covered.
If all Google's engineers went rogue (a couple have) and threatened to destroy the world's supply of unused Gmail accounts, Google has you covered.
If aliens attacked the Earth in a rampage of hunger for Google+ accounts...Google has you covered.
But only in a kind of dull, disaster-recovery, business-continuity kind of way.
"Part of our disaster recovery plan is to assume the worst has happened," Google Enterprise director of security Eran Feigenbaum told CIO. "We play lots of games here."
So when it's time to test some portion of its overall disaster- and security-incident response plans, Feigenbaum doesn't just let the data center people assume a hurricane or a fire or a "Something" had gone wrong.
They have to identify a culprit, often an unusual one, cut the telco connections among data centers or put a couple of data centers out of action or destroyed all the data in the top-level systems in the storage hierarchy, or destroyed only the data related to one set of services or geographic region or that reflects a color in a shade of the spectrum beyond humans' ability to see, but that causes murderous rage in in reptilian humanoids hibernating underground for millenia.
"In last year's scenario, Google was attacked by aliens and California was off the map," he said. "We asked: What do we do? How do we run our infrastructure?"
Science fictiony stories put the drill in context for the techs doing backup-and-recovery work that would be tedious if they weren't in the middle of an enormous disaster – which they're not.
The stories also shake up the assumptions about what could go wrong in a disaster, to expose risks most sysadmins wouldn't believe could happen that don't require the involvement of aliens.
"I was in an intelligence community where we proved we could find out information about a computer that was not connected to a network and was in a secure room," Feigenbaum said.
He said it while comparing the security of the cloud to the expectations of most users, but the impulse is the same. Users expect "cloud" security and reliability to be perfect even when they don't expect anywhere near that level of performance in their own systems – for which they typically pay a lot more.
"Perfect" is impossible, but getting close means discovering, investigating and making contingency plans for things that may not necessarily be realistic risks right at the moment.