IBM's cloud faces a test on Thursday: Turning something off without turning users off too

Last time Big Blue tried to bin TLS 1.0 and 1.1 it turned them back on two days later

By Simon Sharwood, APAC Editor

Posted in Cloud, 28th February 2018 08:31 GMT

IBM's cloud faces a big test this week: turning something off without botching the job.

The "something" in this case is TLS 1.0 and 1.1, the known-to-be-ineffective cryptographic protocols that the world's abandoning just as fast as it can.

In 2017 IBM gave its cloudy customers just a few days' notice of its intention to turn off TLS 1.0 and 1.1 for several cloud services. Unsurprisingly, that short time left customers unprepared and many complained that their applications expected the old TLS to be present and weren't enjoying their absence. IBM therefore turned TLS 1.0 and 1.1 back on just two days later, a turnaround the likes of which The Register has never previously seen.

Which is not to say that IBM is alone in having made a mess of its cloud: AWS took down a chunk of the web with a typo and Google has broken its own cloud twice by trying two updates at once.

IBM, however, is just the sort of organisation one would expect to have a deep understanding of why a swift turnoff was a bad idea.

That it did not only re-enforced the fact it is playing cloud catch-up. Analyst firm Gartner last year rated it as "missing many cloud IaaS capabilities required by midmarket and enterprise customers" and was beset by delays in its attempt to catch up.

Big Blue has since kept up a decent clip of feature releases, but is not generally thought of as among the first rank of infrastructure-as-a-service providers even if its SaaS and other cloud services are impressive.

Which brings us to Thursday, March 1st when IBM will again try to turn off TLS 1.0 and 1.1. This time around IBM has given its customers plenty of advance notice. We first saw emails about the cutoff in November 2017. Notifications have landed regularly ever since, most recently updated on February 12th, 2018.

This time around, therefore, any TLS-is-missing disruptions should be users' fault, not IBM's. To ensure a soft landing the company has even promised to build a safety net to keep TLS 1.0 and 1.1 alive for an extra 30 days for those who land in trouble.

The Register therefore hopes we don't have anything negative to report come Friday. If we do, the stain on IBM's cloudy reputation may be hard to erase. ®

Sign up to our NewsletterGet IT in your inbox daily

8 Comments

More from The Register

Amazon: Intel Meltdown patch will slow down your AWS EC2 server

Sysadmins notice performance dip amid security fix rollout. Not everyone hit hard. YMMV etc

KVM? Us? Amazon erases new hypervisor from AWS EC2 FAQ

We've fro-Xen page to preserve evidence of NVMe servers and Xen's stay of execution

OpenSSL alpha adds TLS 1.3 support

Shambling corpse of ancient, shoddy, buggy, crypto shoved towards the grave

Google, AWS IPs blocked by Russia in Telegram crackdown

Two million addresses down, 4.2 billion to go - oh, plus the IPv6 address space

Google Cloud plays GTA in Snowball fight with AWS

That's the Google 'Transfer Appliance', to get data out of your bit barn and into its cloud

Microsoft Dynamics 365 sandbox leaked TLS certificate's private parts

Hey Redmond, is this your secret key?

ARM’s embedded TLS library fixes man-in-the-middle fiddle

IoT security helper is vulnerable to attacks by malicious peers

World celebrates, cyber-snoops cry as TLS 1.3 internet crypto approved

Forward-secrecy protocol comes with the 28th draft

AWS baits cloud hooks with DeepLens machine learning camera

Shipping in June for diehard devs with a lust for IoT kit

IBM Cloud turns TLS 1.0 off and then turns it on again

Big Blue admits it gave customers too little notice of the change and broke their code