Comments on: Cloud Computing, Data Protection and the German Mindset

By: Steven Roussey

Steven Roussey — Tue, 21 Oct 2008 17:36:08 +0000

Having been on the receiving side of lawsuits seeking private information, I can assure you that people will try and pry data out of providers without the user’s knowledge. At at a cost of $10K-100K+ per incident, providers are going to be tempted to comply, and write that into their terms and conditions that people tend not to read. It adds another person to sue, another person to subpoena, another source.

BTW: I once heard a Intuit guy say that they never expect too many Quickbooks users to migrate to the web — because they keep two sets of books! And when the authorities are knocking at the door, they know to destroy/hide one of them… not something they have the ability to do when the knock is at Intuit.

By: Roland Judas

Roland Judas — Sun, 24 Aug 2008 10:46:03 +0000

As you might see from the comments, the german state of mind is a special one, though there are other countries especially in Europe, that have similar concerns about “modern” topics like cloud computing. I strongly underline that data privacy is an important issue, especially after here in Germany CDs with millions of customer data incl. bank account data were sold to anyone paying some thousand bucks. On the other hand it is to simple just to say cloud is evil and on premise is good, in times of wireless LAN things boundaries become blurred somehow. Security and data privacy must not rely on system functions or SLAs. These features are more processes and They need be more present in the minds of companies, customers and users and also in the minds of legislators.

By: Markus Klems

Markus Klems — Fri, 01 Aug 2008 12:27:44 +0000

Chris,
I totally agree with your statement. For many enterprises security is a key issue. Most private users, however, don’t care much about privacy etc. (although people might say that it is important, they usually are not willing to spend much time on securing their environment, erasing footprint, etc.).

There surely is a vendor lock-in problem with Google App Engine. With Amazon EC2 on the other hand you should be able to shift your instances to another provider who uses similar virtualization technology. It still would be a hassle, though.

By: chrisw

chrisw — Fri, 01 Aug 2008 11:15:46 +0000

Hi Markus. I think businesses are right to be cautious of “cloud” data services. If you’re making the financial future of your business dependent on somebody else doing their job well, of course it pays to be cautious. It’s one thing sending unencrypted email (which we all know is insecure) to your friends, because nobody really cares about this data. But it’s another thing to have all your company’s data and documents held at an unknown location by a third party supplier with far more financial and commercial power than you.

We have already seen plenty of problems with outsourcing, and these issues will become more significant if you move from having specific agreements e.g. with data centres and individual service providers, to having a “one size fits all” agreement whose terms are essentially determined by the more powerful partner. How do you keep track of where they put your data e.g. to ensure confidentiality and security rules are applied? Data in the EU, India, Russia, China or the USA is subject to different laws, so which laws apply, and how do you enforce them when you may not even know where your data is? Do you simply give up and accept that the cheapest host’s rules will apply? What if your data ends up in China or Russia, where you may not be able to protect its confidentiality at all? The first person to hack into Google’s data stores will become rich enough to afford some excellent lawyers!

What if your business becomes dependent on these services, then the service provider changes their terms of business – how much power do you have over a company like Google or Amazon, and how much time/effort/money will it cost you to find an alternative provider?

Don’t get me wrong – I think Google is a great company with an innovative approach to technology in business, but that doesn’t mean I want to hand every piece of data over to them and hope they look after it wisely. Remember Murphy’s Law: whatever can go wrong, will go wrong!

By: Markus Klems

Markus Klems — Thu, 31 Jul 2008 07:54:56 +0000

David,
I think that these comments express a general fear of attackers/government agencies on the one hand and mistrust towards the cloud provider on the other hand.
So, even if you could assure that the data is save, people would probably argue that they cannot trust the cloud provider, like Google. However, I believe this fear is somewhat irrational compared to the real usage behavior of people in the net (they usually trust their ISP, or do not care about being logged, fishing Websites and bot nets are big business).
Security is a relative term. It must be weighed against other aspects, such as usability, deployment times, etc. In many scenarios the latter aspects show to be more important (do you usually encrypt your E-Mails when communicating with friends?). But of course if you develop applications in an enterprise context, this will be much more important.
My 2 cents.
Markus

By: David Habusha

David Habusha — Thu, 31 Jul 2008 07:35:00 +0000

Markus – I agree with the fact that this is the current overall perception of Cloud Computing security. Can you elaborate on how big was the “no trust” concern? Would these critics use cloud computing if they can be assured that neither an attacker nor government agencies can compromise their data?

Regards,
David Habusha

By: Geva Perry

Geva Perry — Wed, 30 Jul 2008 14:20:37 +0000

Markus — I think you nailed it with your final analysis. Very often the skepticism directed against “cloud computing” is really a general criticism towards “the Internet” or “web applications” or even “corporate data centers”. For example, I don’t understand how comment #2 applies to cloud computing or Google App Engine. The same is true for any remote server and it’s obviously a problem that has been overcome.

Geva Perry
GigaSpaces
http://gevaperry.typepad.com

By: Mike McGregor

Mike McGregor — Tue, 29 Jul 2008 17:23:18 +0000

I agree that the we are already living in the cloud. Shelly Palmer provides a good example in his latest blog article where he points to Amazon, who is rapidly transitioning from an online retailer to a tech company. Amazon offers Simple Storage Service (S3), Elastic Compute Cloud (EC2), Simple Queuing Service and SimpleDB. Businesses won’t have an option not to go with them, regardless of security, especially small and medium sized businesses who can’t afford, or don’t need, their own data center.

http://www.shellypalmermedia.com/2008/07/25/amazon-transitioning-into-a-technology-and-cloud-services-company/

Mike McGregor
Advanced Media Ventures Group