Feeds

Flickr flap illuminates cloud concerns

Caveat emptor

Secure remote control for conventional and virtual desktops

Briefly, a photographer used Flickr to store his pictures online – amassing more than 4,000 photos over five years. Being the helpful sort, he alerted Flickr to another user who was stealing content. Flickr deleted his account, by mistake and those pictures looked to be gone forever. Following a media firestorm, Flickr had a quick rummage and recovered his images.

But what if it had failed to find them? What recourse does the unfortunate user have? As I’ve told clients – and said in speaking engagements at industry events, weddings, christenings, birthday parties, and on street corners – you have none. If your data is deleted, corrupted, or exposed to anyone else with a keyboard and a screen, you’ll get limited comeback from your cloud provider.

Assuming you prove the problem was the cloud provider’s fault, you’ll get a sincere apology, maybe abject or even groveling. And they’ll mean it – they don’t want to lose customers’ stuff, because that’s bad for business. You’ll get a refund of any money you’ve paid – probably prorated – and maybe a credit toward future use.

This is layering on insult to injury. It is like having your liver removed because you ate tainted food, and then receiving a few cases of the same item from the food provider as compensation for your loss. It doesn’t make the customer anything close to ‘whole.’

Hey you, get on to my cloud

But the cloud providers can do little more. Put yourself in their place: you’re now Mr. Cloud, offering inexpensive storage space to users, and charging only for what they use at any given time. You have good practices, good employees, and a solid infrastructure. Can you possibly indemnify your users against any harm that might be caused by something that you can’t control?

As Mr. Cloud, can you guarantee that none of your dumb-ass employees might accidentally delete an important file? Can you afford to fight lawsuits brought by customers alleging grievous personal or business harm? You can’t.

Is there a technology solution to this problem? Maybe ... storage is cheap, and you can ensure you hold on to deleted files for an absurdly long time just to be certain the customer is really, really sure they truly want them deleted. There’s a cost to this; you’ll have to over-provision to beat the band, and it will cut into your margins and make you less competitive.

You have two routes open to you. The first is to offer your service on a “Hey, we’ll do our best to keep your stuff safe, but...” basis, where you make no guarantees.

This is how many cloud providers are operating today. Or you can take the route of the enterprise cloud providers, and negotiate comprehensive service level agreements with your customers. They’ll want assurances that your service will be highly available and highly secure, and that your employees won’t make mistakes.

The two of you will put all of the requirements on paper and also outline remedies in case there’s a problem. But it costs you money to provide this level of service, and you’ll find it’s damn hard to make it pay off if you’re offering a truly flexible, variable pricing menu. So you put in clauses with minimum and maximum usage to give your business some stability.

In searching around, you find a template that already has the language you need to protect yourself, and also gives your customers what they need in terms of service... What you’ve found is a hosting or outsourcing agreement – and those aren’t so new, aren’t so trendy, and aren’t all that cloudy either. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Linux? Bah! Red Hat has its eye on the CLOUD – and it wants to own it
CEO says it will be 'undisputed leader' in enterprise cloud tech
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
Hey, what's a STORAGE company doing working on Internet-of-Cars?
Boo - it's not a terabyte car, it's just predictive maintenance and that
Troll hunter Rackspace turns Rotatable's bizarro patent to stone
News of the Weird: Screen-rotating technology declared unpatentable
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.