Feeds

Flickr flap illuminates cloud concerns

Caveat emptor

Security for virtualized datacentres

Briefly, a photographer used Flickr to store his pictures online – amassing more than 4,000 photos over five years. Being the helpful sort, he alerted Flickr to another user who was stealing content. Flickr deleted his account, by mistake and those pictures looked to be gone forever. Following a media firestorm, Flickr had a quick rummage and recovered his images.

But what if it had failed to find them? What recourse does the unfortunate user have? As I’ve told clients – and said in speaking engagements at industry events, weddings, christenings, birthday parties, and on street corners – you have none. If your data is deleted, corrupted, or exposed to anyone else with a keyboard and a screen, you’ll get limited comeback from your cloud provider.

Assuming you prove the problem was the cloud provider’s fault, you’ll get a sincere apology, maybe abject or even groveling. And they’ll mean it – they don’t want to lose customers’ stuff, because that’s bad for business. You’ll get a refund of any money you’ve paid – probably prorated – and maybe a credit toward future use.

This is layering on insult to injury. It is like having your liver removed because you ate tainted food, and then receiving a few cases of the same item from the food provider as compensation for your loss. It doesn’t make the customer anything close to ‘whole.’

Hey you, get on to my cloud

But the cloud providers can do little more. Put yourself in their place: you’re now Mr. Cloud, offering inexpensive storage space to users, and charging only for what they use at any given time. You have good practices, good employees, and a solid infrastructure. Can you possibly indemnify your users against any harm that might be caused by something that you can’t control?

As Mr. Cloud, can you guarantee that none of your dumb-ass employees might accidentally delete an important file? Can you afford to fight lawsuits brought by customers alleging grievous personal or business harm? You can’t.

Is there a technology solution to this problem? Maybe ... storage is cheap, and you can ensure you hold on to deleted files for an absurdly long time just to be certain the customer is really, really sure they truly want them deleted. There’s a cost to this; you’ll have to over-provision to beat the band, and it will cut into your margins and make you less competitive.

You have two routes open to you. The first is to offer your service on a “Hey, we’ll do our best to keep your stuff safe, but...” basis, where you make no guarantees.

This is how many cloud providers are operating today. Or you can take the route of the enterprise cloud providers, and negotiate comprehensive service level agreements with your customers. They’ll want assurances that your service will be highly available and highly secure, and that your employees won’t make mistakes.

The two of you will put all of the requirements on paper and also outline remedies in case there’s a problem. But it costs you money to provide this level of service, and you’ll find it’s damn hard to make it pay off if you’re offering a truly flexible, variable pricing menu. So you put in clauses with minimum and maximum usage to give your business some stability.

In searching around, you find a template that already has the language you need to protect yourself, and also gives your customers what they need in terms of service... What you’ve found is a hosting or outsourcing agreement – and those aren’t so new, aren’t so trendy, and aren’t all that cloudy either. ®

Providing a secure and efficient Helpdesk

More from The Register

next story
IBM storage revenues sink: 'We are disappointed,' says CEO
Time to put the storage biz up for sale?
'Hmm, why CAN'T I run a water pipe through that rack of media servers?'
Leaving Las Vegas for Armenia kludging and Dubai dune bashing
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
Windows 10: Forget Cloudobile, put Security and Privacy First
But - dammit - It would be insane to say 'don't collect, because NSA'
CAGE MATCH: Microsoft, Dell open co-located bit barns in Oz
Whole new species of XaaS spawning in the antipodes
VMware's tool to harden virtual networks: a spreadsheet
NSX security guide lands in intriguing format
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.