Jay Heiser

A member of the Gartner Blog Network

Jay Heiser
Research VP
6 years at Gartner
24 years IT industry

Jay Heiser is a research vice president specializing in the areas of IT risk management and compliance, security policy and organization, forensics, and investigation. Current research areas include cloud and SaaS computing risk and control, technologies and processes for the secure sharing of data… Read Full Bio

Coverage Areas:

How much of your data is lost at Megaupload?

by Jay Heiser  |  January 30, 2012  |  4 Comments

On the 19th of January, US authorities shut down a popular file sharing service, Megaupload.com, impacting millions of users.  The whole sordid story, along with much of the backlash and legal discussion, can be found on Wikipedia, and short version in a press release from the US Attorney’s office. .  A flurry of Jan 30 news reports suggest, probably erroneously,  that this customer data will be deleted on Thursday.

Like many file sharing services, Megaupload was merely the top link in a Chain of Providers.   According to AP  “A letter filed in the case Friday by the U.S. Attorney’s Office for the Eastern District of Virginia said storage companies Carpathia Hosting Inc. and Cogent Communications Group Inc. may begin deleting data Thursday…..The letter said the government copied some data from the servers but did not physically take them. It said that now that it has executed its search warrants, it has no right to access the data. The servers are controlled by Carpathia and Cogent and issues about the future of the data must be resolved with them, prosecutors said.”   The letter, which is not indexed on either the DOJ or Federal Court web site,  apparently allows the providers  to delete the data, but does not necessarily require them to do so.  Given that Megaupload’s financial assets are frozen, their hosters certainly have strong financial incentive to reclaim all that floor space (Carpathia is reportedly storing 25 Petabytes for Mega, and it comes as no surprise that the DOJ didn’t attempt to seize 1000 servers).

Without a running front end application, there’s no mechanism allowing customers to log in and access their data. How else could anyone make any sense of the millions of files stored at Carpathia and Cogent?  Depending upon the support arrangement for the servers, hosting providers likely have no need to know what is stored or how to access it. This was made clear in a press release this morning “Carpathia Hosting does not have, and has never had, access to the content on MegaUpload servers and has no mechanism for returning any content residing on such servers to MegaUpload’s customers. ” (They also explicitly denied awareness of any sort of instruction for a Feb 2 deletion) 

I sincerely doubt that any Gartner clients have formally contracted with Megaupload (let alone some of their sleazier porn-related sites) as a cheap (no pun intended) form of collaboration or file backup.  But I am certain that individuals within thousands of organizations, having decided that it was a useful service that their own IT departments refused to provide them, had uploaded corporate data into Megaupload.  If that data wasn’t backed up, it is almost certainly gone for good. This is neither the first nor the last case in which a SaaS provider disappeared overnight, effectively taking all of its customer data with it, but it may well be the largest data loss from a SaaS provider.  The fact that the data is still extent, yet inaccessible, must be especially frustrating to those who have just lost their sole copy of family photos or corporate documents.

I was going to say that as a best practice, companies that store significant amounts of pirated or otherwise illegal content should be avoided.  Then I realized that this is virtually impossible. Carpathia and Cogent, like Amazon and any other hosting service provider, always have huge amounts of illegal and unsavory content within their infrastructures.  At least in this case, it reportedly was stored on dedicated servers, not multi-tenanted ones. Let me be more precise and suggest avoiding multi-tenant SaaS offerings that are likely used by pirates.  Freebie web sites that provide public file sharing are almost certainly chock full of unsavory content, and are obviously not suited for enterprise use.

This might be a good time to figure out  if your users have been uploading your corporate data to Megaupload or some other freebie file sharing site.  It should also serve as a reminder that accessibility to data within a SaaS provider is dependent upon the ongoing viability and competence of that provider. If you have important data within a service provider, you need a contingency plan in case that provider disappears.

4 Comments »

Category: Cloud security     Tags: ,

4 responses so far ↓

  • 1 Cas Mollien   January 30, 2012 at 10:19 pm

    Great article and lots to think about. Especially for the SMB, where shoe-string budgets often result in poor decisions when it comes to data protection.

    Thanks for the insight.

  • 2 Rahul   January 31, 2012 at 5:54 am

    true, agree with the comment for SMBs to be careful.

  • 3 Jay Heiser   January 31, 2012 at 8:52 am

    This shouldn’t just be a concern for SMBs, or families looking for a place to store their scanned photos. Its unlikely that any organization with any sort of organized IT department had chosen Megaupload to be its preferred provider for personal file sharing, but it is likely that some individuals within many enterprise-class organizations were using it.

  • 4 Mega Retrieval   February 1, 2012 at 12:41 pm

    [...] then this represents the biggest cloud incident by orders of magnitude.  (See my blog entry How much of your data is lost at Megaupload for the full [...]