Thoughts on jumping into cloud computing

Bruce Schneier has a series of articles that ponder the risks and rewards of jumping into cloud computing, that is, the concept of keeping your data and computing power with an online service provider.

Some things to consider:

6/10 – Schneier on Security – Should Companies Do Most of Their Computing in the Cloud? (Part 1) – The answer is complicated. The efficiencies and cost savings are real and a major advantage.

On the other hand, there may be legal issues, such as when your government sets far higher privacy standards than the country where your data will be stored, or when another country places severe restrictions on data you store there. Or some governments (i.e., the U.S.) make it exquisitely easy to turn over your data to any governmental agency that has a whim to take a peek.

A major risk that I see, which doesn’t get much attention, is what happens if your vendor suddenly goes out of business. The strongest conceivable contractual commitments do you no good when the vendor turns off their server farm. Collecting on a claim in bankruptcy a year from now is useless when all your data has disappeared.

Then there is the risk that you trip across some obscure trivia in the vendor’s terms of service you didn’t know about. Your vendor can make a unilateral, unappealable decision to close your account. The first thing you will know of a problem is when every bit and byte of your data has disappeared.

6/10 – Schneier on Security – Should Companies Do Most of Their Computing in the Cloud? (Part 2) – Article contrasts the approach of students at Harvard, who store every last piece of their personal documents online, with that of Mr. Schneier, who stores all his personal documents and information on his own systems.

Reasons? The decision he faces as an individual is the same decision companies have to make:

  • Control over the data – who can get to it?
  • Security – He thinks he can do a better job than the cloud systems.
  • Trust – He has no trust that large corporations won’t sell his data as their intended business strategy or turn it over to any government agency or employee that has a whim to see it.

He does think that the benefits of cloud outweigh the risks overall. Just not for him personally.

6/10 – Schneier on Security – Should Companies Do Most of Their Computing in the Cloud? (Part 3) – Article provides an exquisitely brief survey of the long list of reasons why cloud computing is not trustworthy.

You don’t know whether your provider is actually taking security seriously or not. You don’t know how extensively your provider is selling you to others. You don’t have any idea how much of your data has been turned over without your knowledge, how frequently, or to which federal, state, and local government agencies. All the while, you are legally liable for any breach of your data.

Article says the level of trust we have in cloud providers is going to have to increase dramatically before cloud use really takes off. The necessary trust just isn’t there today.

These are some of the things to ponder as you consider launching all your mission-critical files out to the cloud.

2 thoughts on “Thoughts on jumping into cloud computing”

  1. Regarding security, and the ability of a person to provide better security than a cloud provider, Schneier is admittedly an unusual case. A reputable cloud provider can probably provide a higher level of security than I can, although more people would be interested in hacking the cloud provider.

    Some cloud providers address the legal issues that companies may face when going to the cloud. For example, my employer has a business relationship with Microsoft Azure Government, which is hosted in the U.S. and is operated by U.S. persons who have been screened in advance.

    One trusts that Microsoft or Amazon will not go out of business any time soon, and that you therefore don’t have to worry about losing your data. But then again, you never know. As part of its bankruptcy proceedings, Radio Shack was about to sell off customer data until the states stepped in.

    1. Hi John: I think few people would be as capable as Mr. Schneier of protecting their own data.

      The specialized department of Microsoft is something I’ve not heard of before. Cool. I assume there are other departments that are structured to comply with a particular European country’s rules.

      I have lots of clients that use vendors other than Microsoft or Amazon, which give them some exposure.

      Just read a client’s contract with a SaaS vendor. If the client does anything that violates the terms of the agreement, the vendor has the unilateral right to revoke access to data. Granted, it will likely take an extreme situation for them to bother. However, the possibility of a company’s oopsie going viral and the vendor wanting to disassociate is a measurable risk.

      Quite complex. Thanks for taking the time to comment.

