Feeds

Flickr flap illuminates cloud concerns

Caveat emptor

Internet Security Threat Report 2014

Briefly, a photographer used Flickr to store his pictures online – amassing more than 4,000 photos over five years. Being the helpful sort, he alerted Flickr to another user who was stealing content. Flickr deleted his account, by mistake and those pictures looked to be gone forever. Following a media firestorm, Flickr had a quick rummage and recovered his images.

But what if it had failed to find them? What recourse does the unfortunate user have? As I’ve told clients – and said in speaking engagements at industry events, weddings, christenings, birthday parties, and on street corners – you have none. If your data is deleted, corrupted, or exposed to anyone else with a keyboard and a screen, you’ll get limited comeback from your cloud provider.

Assuming you prove the problem was the cloud provider’s fault, you’ll get a sincere apology, maybe abject or even groveling. And they’ll mean it – they don’t want to lose customers’ stuff, because that’s bad for business. You’ll get a refund of any money you’ve paid – probably prorated – and maybe a credit toward future use.

This is layering on insult to injury. It is like having your liver removed because you ate tainted food, and then receiving a few cases of the same item from the food provider as compensation for your loss. It doesn’t make the customer anything close to ‘whole.’

Hey you, get on to my cloud

But the cloud providers can do little more. Put yourself in their place: you’re now Mr. Cloud, offering inexpensive storage space to users, and charging only for what they use at any given time. You have good practices, good employees, and a solid infrastructure. Can you possibly indemnify your users against any harm that might be caused by something that you can’t control?

As Mr. Cloud, can you guarantee that none of your dumb-ass employees might accidentally delete an important file? Can you afford to fight lawsuits brought by customers alleging grievous personal or business harm? You can’t.

Is there a technology solution to this problem? Maybe ... storage is cheap, and you can ensure you hold on to deleted files for an absurdly long time just to be certain the customer is really, really sure they truly want them deleted. There’s a cost to this; you’ll have to over-provision to beat the band, and it will cut into your margins and make you less competitive.

You have two routes open to you. The first is to offer your service on a “Hey, we’ll do our best to keep your stuff safe, but...” basis, where you make no guarantees.

This is how many cloud providers are operating today. Or you can take the route of the enterprise cloud providers, and negotiate comprehensive service level agreements with your customers. They’ll want assurances that your service will be highly available and highly secure, and that your employees won’t make mistakes.

The two of you will put all of the requirements on paper and also outline remedies in case there’s a problem. But it costs you money to provide this level of service, and you’ll find it’s damn hard to make it pay off if you’re offering a truly flexible, variable pricing menu. So you put in clauses with minimum and maximum usage to give your business some stability.

In searching around, you find a template that already has the language you need to protect yourself, and also gives your customers what they need in terms of service... What you’ve found is a hosting or outsourcing agreement – and those aren’t so new, aren’t so trendy, and aren’t all that cloudy either. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Azure TITSUP caused by INFINITE LOOP
Fat fingered geo-block kept Aussies in the dark
NASA launches new climate model at SC14
75 days of supercomputing later ...
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
You think the CLOUD's insecure? It's BETTER than UK.GOV's DATA CENTRES
We don't even know where some of them ARE – Maude
Cloud unicorns are extinct so DiData cloud mess was YOUR fault
Applications need to be built to handle TITSUP incidents
BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?
Don't worry about that cable, it's part of the config
Stop the IoT revolution! We need to figure out packet sizes first
Researchers test 802.15.4 and find we know nuh-think! about large scale sensor network ops
DEATH by COMMENTS: WordPress XSS vuln is BIGGEST for YEARS
Trio of XSS turns attackers into admins
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Seattle children’s accelerates Citrix login times by 500% with cross-tier insight
Seattle Children’s is a leading research hospital with a large and growing Citrix XenDesktop deployment. See how they used ExtraHop to accelerate launch times.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?