Some things never change
M$ up to the usual FUD and flond campaign, oh dear.
Microsoft's assault on VMware knows no bounds. On Tuesday, as VMware opened its annual VMworld conference in San Francisco, Microsoft dropped an open letter into national McPaper USA Today that accused the company of trying to lock customers into a technology platform incapable of building a "complete cloud computing …
By the same logic they're trying to use against VMWare they were unsuited to build and sell Exchange/Sharepoint/OCS.
I would call it FUD, but to me FUD requires at least some base level of coherency to it - this is just confused and incoherent hand waving. Please someone, tell the boys in Redmond to put the crack pipe down!
As I said the other day (I'm not a lawyer and don't give advice other than to suggest that you hire a lawyer you trust), I understand that the owner of the "cloud" owns the data. So your data in the cloud doesn't have the same legal protection that applies to your data in your own server room.
Given Microsoft's history, they'd be last on the list of places I'd consider. Fortunately, that is not a decision I have to make.
I really do hope that Congress in the U.S. addresses this issue - soon. For other jurisdictions, you have to work on your own legislators.
You don't trust Microsoft? Why, may I ask? Microsoft like to extort money from people, but I can't actually think of any real privacy breaches or personal information landgrabs by them. They’re greedy and lazy, not stupid.
Who would you trust more? Google? The idea is so laughable my sides are hurting. Amazon? Maybe…in all honesty I don’t know much about their track record, but they seem good so far. Who else….Oracle/Sun? They would seem trustworthyish, but just as greedy and lazy as Microsoft.
IBM? HP? Dell? Apple? Sony? Not on my life, methinks. They are greedy AND lack any semblance of anything approaching ethics. If you don’t have ethics, you have a hard time understanding why others might want to keep their data safe.
Microsoft is an evil empire. It’s also the devil we know. Microsoft may try to take all my money…but I can not imagine them selling my data to someone else, nor can I imagine them changing the fundamental structure or formats of their cloud without giving a reasonable amount of warning beforehand. After all, they need to give warning so that their customers can cough up the money to pay for the format change.
With Microsoft I know I will always be able to get my data OFF of their cloud if I need it, and they are the least likely of the bunch to sell my data without telling me. I also suspect they won’t try to “own” my data either.
…but they’ll be bloody expensive.
NOW, will they be RELIABLE to use a cloud service…that’s a whole other ballgame. Personally, I’m not sold on the reliability of ANY cloud service. From a data security standpoint though…I’d trust MS before any of the other contenders.
I might have no respect whatsoever for my uppers here at HP (and 2001-onward at EDS before it), but I would disagree with your characterization of HP, IBM, and Dell (at least the former Perot Systems guys). For Christs' sake between those three alone we run IT for entire divisions of government, military, healthcare, banking, credit card companies - you name it. On any given day you can bet dollars to donuts that your information is passing through at least one system managed by us. We have extremely stringent legal obligations (in the states HIPAA, ITAR, various SEC obligations, just to name a few) requiring us to treat our clients data in an appropriate manner. My guys with government security clearances could go to jail for mishandling data in certain circumstances. That said, we are working hard to trash our old-school professionals (they're expensive after all) with cheap, inexperienced replacements that we pay very poorly (which, IMO, raises the risk of data theft) - but so is everyone else so that's not any sort of differentiator once you get to the big players.
So while Hurd - good riddance - and the rest of the muppets running the show here may be a bunch of slimeballs, the assertion that any reputable IT service provider (both the ones previously mentioned and my friends at ACS/Xerox and CSC) would steal your data or not exercise proper legally mandated controls is ridiculous.
That said, who wants your data... really? Other than the type of information that could be used for fraudulent purposes (credit card numbers, etc) nobody really cares about your correspondence, your spreadsheets, your powerpoints, etc. I remember way back when, talking to a client about an e-mail issue when they got all concerned that I could see their inbox - I had to explain that at their company alone there were 2,500 users that I managed and I had absolutely no time or interest in reading their e-mail. The only companies that really could make use of your crap are... drumroll... the type of companies that have serious data mining capabilities and server ads. Know anyone like that?
Don't get me wrong, the laws around data privacy and protection should be stringent - and content ownership too if that really is an issue. I would tend to say that the biggest issues are data integrity/reliability (will it be there when you need it?), and portability of your data (can you get it back out of the cloud and move it somewhere if you need to?).
At the end of the day, I think we're all going to wind up with a model more or less like the government. The stuff that's trade secret, or highly personal, you're going to wind up keeping under lock and key (where do I sign up for bulletproof encrypted 1 TB thumb drives?) and the rest will either be anonymized/aliased out on the cloud (the stuff maybe I wouldn't like repeated in polite company), or cleaned and sanitized with my name attached.
Also, for the record, ad servicing is what gets you your Yahoo/GMail/Hotmail accounts for free and pays for sites like El Reg too - your trade-off is the cookies on your browser, the ad views and clicks, and in the case of your mail or other free hosted services, you can bet there is an angle there somewhere too. There's no such thing as a free lunch. If the law or your contract with them doesn't bind a company from mining your data to serve ads to you, for example, they're probably already doing it - but be careful what you wish for, if we ban that money making exploitation of the services they're rendering for free you can bet they'll either disappear or we'll have to start paying for them.
*where am I, how did I get here, what did I write?
*note to self, turn off the damn laptop after the next all nighter you pull
The problem is that there is no middle ground. I don't doubt for a second that HP/Dell/IBM/whomever would provide the government, military or fortune 1000 companies with the best in anonymise, encrypted secure and reliable service.
As an individual and sysadmin for an SME, I also have zero double they would sell my soul out from under me. I am small, they are big. They don’t have any incentive to play fair with me: there are no laws to ensure it and in any case the regulators aren’t looking in their direction. If and when laws come about to protect the hoi polloi like myself, it is only AFTER a company has been brutally spanked in public for data loss/theft/selling that I will trust them. Only then will I know the leery eye of the regulator is watching, waiting for them to slip up again.
As for free services…screw ‘em. All of ‘em. I pay mu subscription to Ars Technica. I’d pay my subscription to El Reg as well…if they offered such a service. I would rather pay for the services I use and have my privacy than give Google my soul and have my literature for free. It’s a personal choice. I /like/ my privacy. I don’t think anyone needs to or should know where I am at any given time, what I am doing, thinking, clicking on, searching or what-have-you. Maybe that makes me a luddite, I don’t know.
The problem with the whole cloud thing is the imbalance of power. Even if you had a contract with a cloud service provider (because you pay them,) that contract is A) not going to be weighted in your favour and b) irrelevant anyways because the cloud provider has more lawyers than you have total staff members. The rights of the individual? HA!
Don’t get Government/Large Enterprise service provision mixed up with consumer/SME service provision, sir. They are different worlds. In the consumer/SME segment, corporations like DELL, IBM, HP and more cut every corner they can…and then a few corners they legally can’t.
So give me one good reason I would trust them? I don’t particularly trust Microsoft either, but I certainly trust them more than the alternatives available. The only reason for that is because they have been spanked a few times for anti-competitive and anti-consumer practices. When everyone is watching you…you behave.
I think I agree with most of what you said, but this bit
"nor can I imagine them changing the fundamental structure or formats of their cloud
without giving a reasonable amount of warning beforehand"
would have had me howling with laughter were I not at work! I can think of plenty of ocassions where Microsoft have changed their software entirely to prevent fair competition. In addition, these changes are always made when Microsoft can take predatory advantage of them. The thought that they wouldn't do this in the cloud is beyond belief - I suppose you could have been being ironic?
But this could apply to any of the other cloud providers! As usual the punters are screwed from both sides, we need standards and we need them now!
...most of that was really aimed more at Peter. The idea that you can legally lose ownership of your data by going with a service provider of any sort is one that I've heard floated before and unless proved otherwise is complete FUD.
That said, a company misusing your data, losing it, or stealing copies of it are more valid concerns. The recent story of cell phone cloning/theft by Sprint employees comes to mind. These are more typically seen as breaches in service (if not contractual terms or other legal requirements), they are not specific to Cloud Service Providers, are usually well publicized (not always of course), and are usually considered by the companies involved to be very severe incidents given the damage they can do from a client relationship, PR and brand standpoint.
Please don't get me wrong, I'm not saying to trust anyone - quite the contrary... if your data is sensitive and critical to your business or personal life, I'd recommend to anyone/everyone that they keep that stuff in their mitts, on premise, under both their logical and physical control. Farming it off in any form or fashion introduces some level of risk, even for our Enterprise clients.
The Enterprise vs. SMB (I think that's the same as SME?) vs. consumer equation is a valid concern too, but I take exception to your characterization of it. Yes, my Enterprise clients have serious legal resources if not hired guns like Toilet & Douche to come in and try and run us under the bus during contractual negotiations... but the stuff we're squabbling about are minor non-consequential nits compared to what you guys are discussing. We wouldn't even get into the room to talk to the client if T&Cs weren't going to be in our proposal to ensure we were accountable/liable for data loss, theft, security breaches, etc that are in our scope of responsibility. The important differentiator there vs. SMB and consumer is cost - not our perception of the client. Our fixed costs for providing service to a client are much higher than, say a Microsoft BPOS, because our starting point is more costly. For example, we do not have a single client connected to us for support that isn't segmented by physical firewalls. That's not because we like paying for and managing firewalls - it's because our clients wouldn't do business with us if we didn't.
Sure, by all means, read the contract - and no disagreement that there is a huge disparity in resources for a SMB/consumer should a dispute go to court (in which case reputation as a service provider is important)... but the one thing nobody has mentioned so far is architecture. If you're putting your data into a multi-tenant environment you had better understand what the architecture of the solution is.
For example, Microsoft BPOS (the 5,000+ version at least) uses VLAN segmentation instead of firewalls, clustering instead of backups, there is no service restoration SLA for any incident, and I'm pretty sure you have no control/review authority over what Microsoft employees are touching your systems. Our clients wouldn't let us in the door if we proposed a solution like that... and that's their Enterprise grade solution.
Because of cost and scale the smaller your slice of business is, the worse the solution will be from a security/integrity standpoint. There is just no way to get around that. With very few exceptions (only one in my experience) a company under 1,000 seats just flat out will not pay for an Enterprise grade solution (firewall segmentation, dedicated/private network links, dedicated hardware, etc)... and when it boils down to it, it usually doesn't make sense anyway. Even the smallest Exchange server, for example, will host way more than 100 seats. At that size you'll be looking at some sort of multi-tenant (sometimes better described as "shared") solution. Your inherent risk with a solution like this (regardless of who is providing it) will be higher than keeping it on premise, or under an Enterprise-grade hosted model like I have been describing.
Also, and I can't stress this enough, if you care about your data make sure there are backups somewhere! With most cloud providers (including Microsoft) they have redundant solutions but no backups - licensing, tapes, tape libraries, etc are expensive after all and you're asking for cheap.
As the owner of your data - whether it be for an enterprise, SMB, or just you - you have to make judgement calls on this stuff, and it's not really that easy to do. I can have these conversations in my sleep (which is just about what my prior post was - sorry!) because I have sat down with enterprise clients to dig through this stuff, not to mention being in the industry for longer than I'd care to quote here.
Don't "trust" anyone with your data - do your due diligence, understand what you're signing up for and make an informed decision.
...and FWIW, regarding "free" solutions, I'm a little bit of a luddite too if tht's the proper term for someone who is privacy-conscious
The key is "without a reasonable amount of warning beforehand." BY this I mean "A few months." They are not going to change the formats behind their cloud overnight such that you walk into work the next day and nothing works. They WILL change the formats to prevent competition, and extort money from you. They WON'T do that in such a way that prevents their customers from adapting in time to extort said money.
As I said; Microsoft is expensive, but I can reasonably trust that they won’t take my data and walk off. I will always be able to get said data, though I will likely have to pay much for the privilege.
Good intel there. I can't dispute any of it, except to sya that my experience nad my instincts tell me not to trust HP, Dell, IBM or really anyone else to host my stuff in the cloud. You talk about the sprint phone cloning, or exceptional items occurring because of the actions of a few employees that are outside the extant contract. I realise that /most/ actions that might endanger your data are perpetrated by individuals rather than the corporation itself.
…and? Bubba Joe Bob steals my corporate data and sells it to my biggest competitor for two squids and a goat. If this becomes public, or HP/IBM/Dell looses a lawsuit over it then their reputation is on the line. I can sue, but they will ERASE ME FROM EXISTANCE long before that ever gets to court, or anywhere else. David has a contract with Goliath, and Goliath sits at the back of an army of bloodthirsty lawyers carrying shoulder-mounted missile launchers and laughs at the primitive with a sling. David is dead, and has no more lives left. Game over.
You mention the difference between VLANs and firewalls inside the cloud. I won’t debate you for a second that this is an important enterprise distinction. From an SMB standpoint however, it’s really not. I am not exactly worried about other tenants on the cloud hacking my data, since paying off an insider to get at my data is far easier. No matter the technology, the HUMANS involved are the weak links. I have been called paranoid for talking about it before, but in any scenario where the human being involved are essentially untouchable, I get really nervous about dealing with them. In the case of cloud computing, as an SME or consumer…the folks on the other side of the wall are completely inaccessible from either a “run down and taser the bastards” or “send a lawyer at them” standpoint.
This is why my personal domains all go through my personal webserver. It is also why I run my own website, host my own storage and download the media I consume rather than stream it. I am a luddite. I didn’t grow up as part fo the new generation that was raised to “trust in the Google.” I wasn’t raised to believe that corporations like Apple “know what’s best” and “genuinely want what’s best for their customers.” I grew up watching corporations rape and pillage the society I loved until nearly all of the things I held dear about the world were whittled away to the barest shell of their former selves.
In my opinion, people today are willing to sell their privacy, right to choose their elected representatives, and right to hold their various elected representatives accountable for their actions for a pat on the head and a new “limited edition” colour of plastic case for their MP3 player. Given the sheep-like bleating that emerges from individuals and SMEs, the concept of things like class-action suits ever being a threat to a megacorporate is laughable. Depending on the information you propose to put into “the cloud” (and thus in the hands of these untouchable megacorporates,) you are quite literally betting your future (via your personal information) or that of your business on the benevolence of said megacorporate entity.
I just can’t find it within myself to trust any megacorporate. There are those however that I trust significantly less than others.
This plainly scummy organisation stilted IT development for many years with threats, including litigation, usually aimed via other companies that they financed. There is no reason at all to trust M$. Who do you think financed SCO for so many years until they couldn't hide it any longer?
M$ deserves as much degradation as can be mustered. Steve & Bill have both proven themselves to be scum.
Which of the megacorporates in IT don't?
Google sells you to advertisers like you where a cheap ten cent whore. They then try the old “if you have nothing to hide, you have nothing to fear” routine.
Apple has such little respect for it's customers it has to wall them into locked gardens whilst charging outrageous prices for faulty and sub-par equipment. Meanwhile, they are trying to sell you like a group of expensive but mindlessly devoted whores so it can cash in on this advertising thing and make themselves into the next Google.
Sony plays the "proprietary format" game even harder than Microsoft...going to far as to install rootkits on you machine via their audio CDs.
Dell sell known bad computers, then RMA them with known bad computers, then deny everything. All the while screwing /millions/ of people over during the Pentium 4 era by accepting bribe money from Intel.
HP sells sub-par equipment to consumers then disclaims any warrantee at the drop of a hat. They also must be selling the sanctified blood of virgins in their ink cartridges because it’s one of the (if not the) most expensive fluids on the planet. Then they spy on everyone, lie to all of their employees right before major cullings and provide such an unbelievably demoralised workforce that their support is beyond abysmal.
IBM has had their middle finger in the air to the entire world. They are famous for viciously using any and every anti-competitive tactic known to man to protect their mainframe monopoly. Right alongside they this have lead the charge to drive down the wages of IT professionals, howling consistently louder than anyone else for the right to export as many jobs as possible to low wage countries whilst importing as many low wage workers to western countries as they can.
This leaves Microsoft, Cisco and Oracle. These companies can rightly be accused of crimes against open source. They are run by soulless, amoral, egotistical greedmongers. They play proprietary games at every turn and have made no bones about the fact their long term business plan involves being “everything IT” and locking you into their homogenised ecosystem. They push out or buy up competition and drive the prices of their products through the roof.
So there we have it; the 800lb gorillas of IT. (Minus some of the Asian corporations like Samsung, etc. who aren’t IT companies per se, but chaebols of which IT is only a small part of their overall business.) Each and every one of these IT goliaths is unabashedly, unreservedly and unrepentantly evil. They would all sell your soul for a bent copper whilst robbing your mother and pillaging your hometown.
The issue at hand wasn’t who was “better” or “more noble” or in some other way “not a gigantic sack of fail.” The question was which corporation, based on past experiences and their business model would I (be most likely to) trust with my data. The answer to this is Microsoft.
The reasons are simple: Microsoft is trying to carve a niche out for themselves; “you own your data, you run your servers, but we can augment them with our cloud architecture if you want.” This is a direct reaction to outfits like Google. It is an attempt to capitalise on the desire for privacy, corporate and personal data ownership that individual and corporations have.
Understand this: I might /possibly/ consider trusting Microsoft with my data only because I fully understand that Microsoft believe they can make a profit securing my data and selling me my privacy. I don’t think that it’s “right,” and I certainly don’t think Microsoft is “good.” I do however think that for so long as they believe that there is money to be made selling privacy to the milled masses, they will be a safer place to store my data than the other contenders.
Which I why I will NEVER, EVER host my data in the cloud. If, of all companies, Microsoft is the best bet for security and privacy of consumer and SME data, then **** THAT NOISE BROTHER.
I’ll build my own servers and host my own data. I may trust Microsoft more than the others to protect my data, but it is still a question of “which scorpion to you believe will let you get farthest across the river before they sting you?”
I don’t trust cloud anything. Not from Google, Apple, HP, Dell, IBM, Sony, Cisco, Oracle, Microsoft or just about anyone else. I *might* be capable of trusting Amazon in the future…but I have to learn a lot more about them first. It’s my data. My location information. My usernames, passwords, files love letters, affairs, plots against Dick Cheney, plans for protests against my government, super-secret patent designs, ideas for a novel/movie, and my next article. It’s my privacy. My /right/ to conduct my affairs without having those affairs snooped on, data mined, sold, “borrowed” by a staff member that “the company disavows all knowledge of” and my further /right/ to conduct those affairs without my government or the rest of the world snooping on all or any of it.
No corporation, regardless of marketing pap, company motto, cult leadership, fancy logo or sales volume has the right to my trust. Trust, especially as regards privacy, must be EARNED. Microsoft have done a lot to lose people’s faith, it’s true. But unlike many, I haven’t ignored the past ten years where they have struggled hard to regain it. They aren’t there yet…but I suspect that one day they will be. They may yet become the beacon of corporate trust, privacy and security.
As I said before: that’d ****ing terrifying.
@Peter is right - I wouldn't trust MS any more than Google with a companies' data. If I were forced to go cloud (thank God I'm not) I'd probably consider IBM - but as their offering is called "Cloud Burst" and that just gives me bad vibes about failing servers and downtime, I think I'd try to give them a miss too!
How does Amazon perform in this arena?
Muckrakingsoft still don't guarantee their software & why is that? Because it's put together in a hurry, tested poorly & fails regularly. Compared with VMware, as you intimated, their Hypervisor should still be beta at best & probably alpha at worst. They crap on at VMware, a company that has had virtual software working well for several years & continue development on this.
I still wouldn't trust any of these companies with my data in "The Cloud"!!
"The trouble is that they aren't quite ready yet. Microsoft has promised Azure appliances from the likes of Dell, HP, and Fujitsu by the end of the year."
Oh, like the new Windows phone 7? And windows 7 equipped tablets? And the social mobile phone that I just don't remember the name dropped off the market within weeks? I think the old FUD to stop costumers to buy from the competition and wait for the Microsoft vision of a quasi+finished+beta+quality+release suite of the same thing but a pain to work with and waiting for the SP10 to work just barely (fewh...) doesn't work anymore but they don't know that. Their corporate mentality staled in the 90s....
When you can run your apps on VMware with NO OS Microsoft is very concerned. VMware is close to doing that for applications and server services. What do users use daily? Applications. They do not care about the OS. Windows just gets in the way, at least with a MAC computer the OS is there but is not in your face all the time with errors and dialog boxes...
Microsoft's time is over, they assumed for too long they would be the only mafia in the USA, now the russians and the chinese are doing a beat down on Microsoft.
I've decided to divorce my wife, and invest all my money in setting up a consultancy that will migrate from the "cloud" back to data centres. I know a company that outsourced all their non-critical apps to the "cloud", the stuff has moved from their suite in a Dublin data centre to across the hall in the same Dublin data centre. Cost benefit - about 0. SLA, go away. Gartner whitepapers sold to management - priceless.
The "cloud" is the latest buzzword, we have had Green-IT, outsourcing, thin client. Nothing changes only the suited selling the latest trend,
Microsoft are still living in the nineties when they had a semblance of relevance and people actually stood up and listened attentively every time MS started flinging the FUD and claiming their own guaranteed-to-be-better product will be coming Real Soon Now!
Often times the only thing that made MS products "better" was the fact that they crashed less often than their competitors due to MS coding checks into their OS to induce crashes whenever a competitors products were detected.
The trouble is, like the boy who cried wolf, we have heard it all before and some of us still bear the scars from listening to their FUD outpourings in the past.
Unlike MS, we've moved on and proclamations from some crazed MS exec about how nobody can do it like MS does are not only increasingly falling on deaf ears, but attaining cult comedy status amongst a significant proportion of the tech-o-sphere.
Enough already MS. Just concentrate on milking the last few drops from your legacy monopoly status and leaving the going forward part to participants in the IT industry who have some sort of a clue.
He was the Iraqi Information Minister, guilty of gems such as:
"There are no American infidels in Baghdad. Never!"
"My feelings - as usual - we will slaughter them all"
"Our initial assessment is that they will all die"
"I blame Al-Jazeera - they are marketing for the Americans!"
Anyway, he reminds of this MS guy. Delusional doesn't even cover it.
"....nor can I imagine them changing the fundamental structure or formats of their cloud without giving a reasonable amount of warning beforehand"
What? Have you been living in a cave or something? They do it to their local file storage all the time!
Have you ever written a powerpoint using Office 2000 and then played it on Office 2003? It's totally buggered and this is the same application!
I'm not going to even start about OOXML
I think anyone who believes their data will be safer in "The Cloud" is kidding themselves. Leaving your data with another organisation who won't be trying to find a way to break through their own encryption & storage is kind of like having a Mt Everest in the back yard & never trying to climb it. None of these organisations can be trusted, least of all Muckrakingsoft with their backdoors to the NSA.
Build yourself a file-server on a web-server. Maintain it with someone you're paying privately & then have your own cloud instead. No, you can't always trust them either but you've got more security there than paying a company like M$ or VMware.
Biting the hand that feeds IT © 1998–2018