Feeds

Trust the cloud with my PRECIOUS? You gotta be joking

Violated, deleted... put your data up there and bad sh*t HAPPENS

Intelligent flash storage arrays

Being a hardcore music geek of a certain age, I own several thousand LPs, CDs, and cassettes that I accumulated over the course of several decades. But as any serious record buff knows, collections like this are not remotely scaleable. I have several closets bursting with music in assorted physical media and I know people who literally need to rent separate spaces just to store their LPs. So at a certain point, making the move to the digital realm can be too tempting to resist.

Thirty-page CD booklets and album-cover illustrations large enough to hang on a wall are nice, but in many ways relocating everything to a hard drive is nicer: Not only is the space for your library effectively infinite, but as an added bonus you can fire up any track you own without getting out of your seat. I rarely buy music in analogue form these days, and I’m perfectly happy with that. What I’m much less comfortable with, however, is the next generation of technological “advances” in archiving large libraries of data.

Storing your music collection, or anything else, in the cloud strikes me as so obviously dangerous that it’s hard to understand why anyone would consider it. The benefits: Someone else maintains the physical media. There’s no need to worry about running short of disk space. Backups are magically taken care of. The drawbacks: Where do I start? For data and code you use as part of your job, sure, there’s no reason for you to fret about the hows and wheres of physical storage; that’s what system administrators are for. But for your own files, there’s a long list of glaring risks.

Privacy? Pffft....

First off, the cloud’s owner knows about every song and book in your collection. Depending on how clean-cut you are, this may or may not be cause for concern, but “If you have nothing to hide you have nothing to worry about” is not a good reason to forfeit your privacy. You may have bought a copy of the book How to Pick Locks for educational purposes, or some of Charles Manson’s demo tapes for laughs, but you shouldn’t have to worry that someone will get the wrong idea about those purchases and report you to the authorities.

Then there are broader privacy questions. Can you be sure the cloud owner isn’t doing anything with your data? Is it conceivable that at some point in the future they might sell or rent it? Imagine how much marketing companies would be willing to pay for personal information stored in the cloud — even if it were anonymized.

The “trust us” defence, without a firewall, encryption, or storage that is physically offline as insurance, is too flimsy a guarantee when it’s your data at stake. Even assuming that the cloud owners have the very best intentions, there have been any number of cases where private information has been collected accidentally. In probably the best known of these, Google Maps cars were found to have been harvesting and storing data from unencrypted Wi-Fi networks, a fact that wasn’t discovered until a few years later. While this may plausibly have been a “mistake,” as Google claimed, no one disputes that the data was collected. But in fact there was some skepticism about whether this really was an accident, and the plot thickened when the Federal Communications Commission accused the company of obstructing an investigation into whether its actions had violated US law.

Easy wipes...

Data that you store in the cloud, not being in your physical possession, can be taken away from you in the blink of an eye. This may be the result of some bureaucratic mix-up—as was apparently the case a few months ago, when the full contents of someone’s Kindle were deleted by Amazon. But that’s of little comfort if you have to engage in an expensive legal battle or media campaign just to prove your innocence and get back the books that you’ve bought and paid for. (In the Kindle episode, during one round of correspondence with Amazon, the customer was snarkily told, “We wish you luck in locating a retailer better able to meet your needs.”) What does it mean to “own” something when it’s stored on someone else’s cloud server and can be wiped, possibly erroneously, with the flip of a switch? This is not ownership in any traditional sense of the word. In all fairness, EULAs often refer to it in other terms, but in most customers’ eyes that’s so much legal mumbo-jumbo, if they read it to begin with.

It’s quite likely that your data is safer on the hard drive of your home computer than on a cloud server. If you were a member of a terrorist group or some other miscreant, which would you choose to hack into? A cloud server is a far juicier and more attractive target than a random civilian’s 500GB "Macintosh HD". And given the much greater complexity of cloud storage, and the fact that it’s actually intended to be accessible to pretty much everyone, it’s not completely implausible that someone throwing all their resources at the problem might be able to find a tiny, exploitable hole.

Outage outrage

Finally, with the cloud you’ve got to trust someone else’s technology. You might laugh at the suggestion that your puny laptop is more sound than the world’s biggest server farms, but I know I’ve had almost no downtime on my MacBook in the past year, while both Apple and Google have experienced multiple cloud outages, affecting countless users. Imagine having your entire music and book collections suddenly vanish into thin air for two, three, six hours. This can mean anything from the minor convenience of being without your tunes for an afternoon to blowing a major presentation or webcast.

Having your music or ebook library compromised for any of the reasons given above is an inconvenience, albeit a potentially huge one. But that inconvenience is dwarfed by the risks you entail if you store your own data in the cloud. You don’t have to be paranoid to worry about having your private correspondence, tax documents, personal photos, or business plans on someone else’s computer — “someone” in this case being a monolithic company that might make any of a thousand mistakes. One of those mistakes might cause your files to be deleted, accidentally released, hacked, or snooped into, or your access to be taken away.

The glimmer of hope is that, for the most part, no one’s forcing you to go to the cloud. But it’s not outside the realm of possibility that at some point you won’t even have the choice. Already, on my iPhone, I find that using iCloud is much easier than not, making for a somewhat painful opt-out process. The next step might be to make things “simpler” still by making it yet more difficult to opt out. Considering what so many large ad-driven firms are known to be doing with cookies, “likes,” online-shopping data, demographic profiles, and “follow” information, there’s no question that the financial incentive to move people to the cloud is there.

All of this is almost enough to make me doubt the wisdom of going digital with so much of my media in the first place. It’s reassuring to know that you’d need a van, a team of strong movers, and a good couple of hours to haul away all my LPs. But if all that music were stored in the cloud, a simple invocation of the Unix rm command could make it disappear in a couple of milliseconds. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Azure TITSUP caused by INFINITE LOOP
Fat fingered geo-block kept Aussies in the dark
NASA launches new climate model at SC14
75 days of supercomputing later ...
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
Cloud unicorns are extinct so DiData cloud mess was YOUR fault
Applications need to be built to handle TITSUP incidents
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?
Don't worry about that cable, it's part of the config
Stop the IoT revolution! We need to figure out packet sizes first
Researchers test 802.15.4 and find we know nuh-think! about large scale sensor network ops
DEATH by COMMENTS: WordPress XSS vuln is BIGGEST for YEARS
Trio of XSS turns attackers into admins
SanDisk vows: We'll have a 16TB SSD WHOPPER by 2016
Flash WORM has a serious use for archived photos and videos
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.