Feeds

Trust the cloud with my PRECIOUS? You gotta be joking

Violated, deleted... put your data up there and bad sh*t HAPPENS

Next gen security for virtualised datacentres

Being a hardcore music geek of a certain age, I own several thousand LPs, CDs, and cassettes that I accumulated over the course of several decades. But as any serious record buff knows, collections like this are not remotely scaleable. I have several closets bursting with music in assorted physical media and I know people who literally need to rent separate spaces just to store their LPs. So at a certain point, making the move to the digital realm can be too tempting to resist.

Thirty-page CD booklets and album-cover illustrations large enough to hang on a wall are nice, but in many ways relocating everything to a hard drive is nicer: Not only is the space for your library effectively infinite, but as an added bonus you can fire up any track you own without getting out of your seat. I rarely buy music in analogue form these days, and I’m perfectly happy with that. What I’m much less comfortable with, however, is the next generation of technological “advances” in archiving large libraries of data.

Storing your music collection, or anything else, in the cloud strikes me as so obviously dangerous that it’s hard to understand why anyone would consider it. The benefits: Someone else maintains the physical media. There’s no need to worry about running short of disk space. Backups are magically taken care of. The drawbacks: Where do I start? For data and code you use as part of your job, sure, there’s no reason for you to fret about the hows and wheres of physical storage; that’s what system administrators are for. But for your own files, there’s a long list of glaring risks.

Privacy? Pffft....

First off, the cloud’s owner knows about every song and book in your collection. Depending on how clean-cut you are, this may or may not be cause for concern, but “If you have nothing to hide you have nothing to worry about” is not a good reason to forfeit your privacy. You may have bought a copy of the book How to Pick Locks for educational purposes, or some of Charles Manson’s demo tapes for laughs, but you shouldn’t have to worry that someone will get the wrong idea about those purchases and report you to the authorities.

Then there are broader privacy questions. Can you be sure the cloud owner isn’t doing anything with your data? Is it conceivable that at some point in the future they might sell or rent it? Imagine how much marketing companies would be willing to pay for personal information stored in the cloud — even if it were anonymized.

The “trust us” defence, without a firewall, encryption, or storage that is physically offline as insurance, is too flimsy a guarantee when it’s your data at stake. Even assuming that the cloud owners have the very best intentions, there have been any number of cases where private information has been collected accidentally. In probably the best known of these, Google Maps cars were found to have been harvesting and storing data from unencrypted Wi-Fi networks, a fact that wasn’t discovered until a few years later. While this may plausibly have been a “mistake,” as Google claimed, no one disputes that the data was collected. But in fact there was some skepticism about whether this really was an accident, and the plot thickened when the Federal Communications Commission accused the company of obstructing an investigation into whether its actions had violated US law.

Easy wipes...

Data that you store in the cloud, not being in your physical possession, can be taken away from you in the blink of an eye. This may be the result of some bureaucratic mix-up—as was apparently the case a few months ago, when the full contents of someone’s Kindle were deleted by Amazon. But that’s of little comfort if you have to engage in an expensive legal battle or media campaign just to prove your innocence and get back the books that you’ve bought and paid for. (In the Kindle episode, during one round of correspondence with Amazon, the customer was snarkily told, “We wish you luck in locating a retailer better able to meet your needs.”) What does it mean to “own” something when it’s stored on someone else’s cloud server and can be wiped, possibly erroneously, with the flip of a switch? This is not ownership in any traditional sense of the word. In all fairness, EULAs often refer to it in other terms, but in most customers’ eyes that’s so much legal mumbo-jumbo, if they read it to begin with.

It’s quite likely that your data is safer on the hard drive of your home computer than on a cloud server. If you were a member of a terrorist group or some other miscreant, which would you choose to hack into? A cloud server is a far juicier and more attractive target than a random civilian’s 500GB "Macintosh HD". And given the much greater complexity of cloud storage, and the fact that it’s actually intended to be accessible to pretty much everyone, it’s not completely implausible that someone throwing all their resources at the problem might be able to find a tiny, exploitable hole.

Outage outrage

Finally, with the cloud you’ve got to trust someone else’s technology. You might laugh at the suggestion that your puny laptop is more sound than the world’s biggest server farms, but I know I’ve had almost no downtime on my MacBook in the past year, while both Apple and Google have experienced multiple cloud outages, affecting countless users. Imagine having your entire music and book collections suddenly vanish into thin air for two, three, six hours. This can mean anything from the minor convenience of being without your tunes for an afternoon to blowing a major presentation or webcast.

Having your music or ebook library compromised for any of the reasons given above is an inconvenience, albeit a potentially huge one. But that inconvenience is dwarfed by the risks you entail if you store your own data in the cloud. You don’t have to be paranoid to worry about having your private correspondence, tax documents, personal photos, or business plans on someone else’s computer — “someone” in this case being a monolithic company that might make any of a thousand mistakes. One of those mistakes might cause your files to be deleted, accidentally released, hacked, or snooped into, or your access to be taken away.

The glimmer of hope is that, for the most part, no one’s forcing you to go to the cloud. But it’s not outside the realm of possibility that at some point you won’t even have the choice. Already, on my iPhone, I find that using iCloud is much easier than not, making for a somewhat painful opt-out process. The next step might be to make things “simpler” still by making it yet more difficult to opt out. Considering what so many large ad-driven firms are known to be doing with cookies, “likes,” online-shopping data, demographic profiles, and “follow” information, there’s no question that the financial incentive to move people to the cloud is there.

All of this is almost enough to make me doubt the wisdom of going digital with so much of my media in the first place. It’s reassuring to know that you’d need a van, a team of strong movers, and a good couple of hours to haul away all my LPs. But if all that music were stored in the cloud, a simple invocation of the Unix rm command could make it disappear in a couple of milliseconds. ®

Next gen security for virtualised datacentres

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.