The latest Twitter controversy surrounding the blog, the hacker and the cloud vendor isn’t disturbing – just inevitable. By now anybody with an iota of interest in cloud computing will know what this story is about. Many people are probably damning Google for their “lack of security.” But hang on here. Aren’t people being quite cavalier with their data? The other day I refused to give my own partner my PIN… but as I write, it’s happily stored somewhere as a draft on Gmail. That really doesn’t make sense.
Hell, I trust the cloud more than I trust myself
Who’s really to blame? I don’t think it’s black-and-white. Frankly, as a rule I trust some company I know nothing about a lot more than I trust myself. I leave my passwords lying around on the desktop. I write my PIN on a scrap of paper and keep it in my wallet next to my debit card (nobody’s fooled by the fact I’ve made it look like a phone number). I’m lazy and useless – and I suspect most people out there are too. However, I think cloud vendors have a responsibility to make sure they compensate for users’ inadequacies.
Keeping sensitive data in the cloud isn’t “probably going to happen” – for consumers, it’s been happening for years – the big vendors just need to pull their finger out. At the moment, if you get stung by a lack of cloud security you’ll just be told:
“Only a dribbling buffoon leaves all their valuable data in the cloud.”
While it’s true that simple passwords were used – and in this respect Google is relatively blameless – there really ought to be more safeguards in place so people are forced to at least set more secure passwords. This is a must if the business cloud is going to expand from web services and utilities into other areas such as secure data hosting.
Cloud storage, just like Esperanto and the Sinclair C5, is a concept that makes sense… almost.
Having access to your data anywhere in the world from any device is an incredibly powerful thing. The scope is huge, enabling much wider usage and new possibilities, most of which haven’t even been thought of yet.
The problem is, making your calendar universally available in the cloud is a very different thing to placing business-critical company and customer information out there – especially financial information. Despite the significant business drivers that may promote this approach – scalability, agility and all the things that basically remove the inertia that blights most IT departments – security’s still the show-stopping concern.
There are too many questions, and too few answers. What control do we really have over data once it’s up there? What’s the physical security of the data centre? Where is the data centre? Are there cross-border legal issues with hosting the data overseas or in territories with ‘incompatible’ legislative environments? What if you need to destroy data – is that even possible? Then we need to consider the availability of the data: what if the cloud provider folds or they’re taken over by an overseas organisation? If there’s a catastrophic data centre failure, what’s the recovery time? Do they even back things up or just hope that a single data centre will always be safe? It’s a glib but important question – you can have as much redundancy as you like at any given site but if it disappears into the San Andreas Fault you’ll be wishing you still had that magic DAT tape. Are we blindly throwing data into the sky in the hope it will stay safe? Ultimately, this is the big problem with storing sensitive data in the cloud – at least for now: there are just no convincing answers to any of these questions.
So let’s not throw the baby out with the bathwater – this problem just needs to be addressed, fast.