So you think the cloud is not for you? If that's the case, you are not alone. Feedback from The Register's readership has been consistently mixed on the subject of cloud computing. In spite of all the hype, many working at the sharp end in mainstream IT departments remain sceptical. While some dispute the economics and dismiss …
Is this really a big change?
My gut feeling is that the kind of organisations that share sensitive information with dodgy and/or inexperienced cloud players who are likely to have these sorts of hiccups would be about as likely to have inadequate internal safeguards of their own if they stored the data you shared with them onsite.
I suspect, therefore, that Cloud has added an extra layer of complexity to an existing corporate security question rather than creating a completely new question.
With that in mind I suspect that whatever corporate controls are in place to deal with data sharing and risk need only a small tweak to deal with the new technology.
"if someone we deal with is putting information we care about into the hands of dodgy or inexperienced cloud players, there is a potential exposure"
There will be. 100% sure. Shit happens. People lie. Then what? Is this worse than having an in-house box 90% secured and then broken into? Maybe, maybe not. Does anyone know? Probably not. "Let's wait and see" seems like a good position to take on this.
utilising a cloud service as a core business process is idiotic in the highest degree. (Assuming that 'cloud' means third-party priovision).
It is just just plain stupid on so many levels.
On the other hand, if a business with a large infrastructure centralises applications and data on it's own intranet, that's another matter, there's a lot to be said for a thin client provison model in some specific cases.
As for the small to medium size business, they would do well to resist the lure of enterprise scale cloud services if they ever want to make it to enterprise scale themselves...
Ancient wisdom: cloud is inevitable
As cited in Jarmush' "Ghost Dog", Yamamoto Tsunetomo wrote around 1710:
"There is something to be learned from a rainstorm. When meeting with a sudden shower, you try not to get wet and run quickly along the road. But doing such things as passing under the eaves of houses, you still get wet. When you are resolved from the beginning, you will not be perplexed, though you still get the same soaking. This understanding extends to everything."
There is good evidence Tsunetomo was a Vista user, as seen from this quotation: "It is a good viewpoint to see the world as a dream. When you have something like a nightmare, you will wake up and tell yourself that it was only a dream. It is said that the world we live in is not a bit different from this."
Probably less likely to cross national boundaries, but how many companies have everything in-house but store backup tapes with a third-party?
I don't trust the cloud solution - I much prefer to have it all where I can keep my finger on it. If something breaks in the cloud (several examples of this happening) then I have to sit around and wait for it to be fixed, if it breaks in-house then I'll be fixing it so I won't be bored.
cloud and personal data storms
Storing normal information on the cloud is in itself a dangerous prospect, but when you realise the majority of companies process personal data of one sort or another it becomes clear just what a compliance nightmare this really is. In America and elsewhere this raises at least confidence law issues, but here in the EU our data protection law makes the prospect of the 'cloud' a terrifying option in terms of legal compliance.
Protectionist are we?
It would be interesting to find out how many of the 'cloud is bad' brigade are working in IT positions which would be under threat if their employer moved to the cloud.
I for one say 'Cloud is Good'
Taking proper care of the data
Is there not a presumption to use strong encryption between the user and the data centre? Can the encryption not be maintained on the stored data? Certain confidential data will require appropriate encryption as a matter of course anyway. (When I say encryption, I actually mean a complete security policy including encryption, access control, authentication, backup, blah)
I still think the weakest points will be the employees and business partners themselves in casual exchange of confidential data.
There is an argument that a dedicated secure data centre can do a better job than a small company trying to build their own data centre on the cheap. By analogy, my money is probably safer in the bank than in my mattress, despite recent best efforts by the banking sector.
Leading Questions ... for Followers to Boldly Answer? :-)
"There is good evidence Tsunetomo was a Vista user, as seen from this quotation: "It is a good viewpoint to see the world as a dream. When you have something like a nightmare, you will wake up and tell yourself that it was only a dream. It is said that the world we live in is not a bit different from this."" .... By Marvin the Martian Posted Tuesday 25th August 2009 13:25 GMT
And is it as a dream, Marvin the Martian, and easily controlled by those who would realise IT is such?
And re "Protectionist are we?" ... By TJPSolutions Posted Tuesday 25th August 2009 15:25 GMT .... I agree. :-) And Clouds do not suffer Fools and therefore are they populated with rare and priceless jewels.
Unsurprising attitude given your website. Perhaps your target market differs from those who have am infrastructure of magnitude to maintain.
Tell me honestly, do you expect all IT departments to hand over the keys to "the cloud" because it's flavour of the moment? I'm not convinced by any one of the alleged benefits, not for anything other than mom and pop setups, who have little in place IT wise as it stands, because otherwise there is still an infrastructure required, albeit simplified, to get at "the cloud" and that will need looking after, so what exactly is the point?
Data Protection Registers
I know in one company I worked at we had to co-opt somehow one floor of one office in New York to be a temporary extension of the UK for some or other project initialisation. Sounds dodgy to me, yet storage of Personally Identifiable Information outside the EU can prompt all sorts of problems for the lawyers. I wouldn't want to be a test case, I'd take the wait-and-watch approach for others to set precedent whilst waiting for my current tin architecture to die by attrition, just for a few more years...
The cloud maybe illegal in Oz
The Australian Commonwealth Privacy Act 2000 requires - in plain terms - that companies subject to it a) know what data they keep on an individual, b) restrict access to that information to employees or agents who require it, c) secure that information, d) keep an audit trail of all access to that information. Failure to meet these requirements attracts very public and very-painful-to-the-business penalties. As far as I'm aware none of the cloud owners will give an SLA that's more than 'if-it-breaks-you-own-all-the-pieces' and 'trust-us'; in short nothing that would comply with the Privacy Act. That would make using a third-party cloud illegal for large companies subject to the Act. These large companies, in turn, expect the same level of compliance from any SMBs (too small to come under the full provisions of the Privacy Act) they deal with so most SMB's would be fools to go anywhere near a cloud.
@ Scott 70
No I don't expect all IT departments to go to the cloud and I accept that my target market will find it easier to move over to it. perhaps if companies with an 'Infrustructure of magnitude to maintain' may also find it cost effective to move to the cloud.
However there are real advantages for moving to the cloud (fully or partly) for organisations of all sizes and many are implementling roll outs of 10's of thousands of users.
All i'm saying is to dismiss it out of hand is a tad short-sighted.
i don't see how that could ever have been legal under UK or EC law... but I imagine it is the sort of thing that actually happens all the time because of the low levels of understanding and compliance with data protection