Feeds

Five reasons why you'll take your storage to the cloud

And five reasons why you won't...

Internet Security Threat Report 2014

The cloud will inevitably replace all other forms of IT. The cloud is a passing fad. The cloud is good, it is bad and it is hideously ugly. The cloud is a paradigm shift that will obliterate all previous technological developments. The cloud is an iterative evolutionary augmentation of extant technologies and nothing to write home about.

The marketing for the cloud is terrible, was terrible and will be terrible in the future. Nobody can agree on what the cloud is, why we should care or even if it's of benefit to us. Despite this, nerds the world over have opine passionately about the ephemeral technology du jour and The Register does so like stoking the fires.

Thus we present five reasons you won't go into the cloud ... and five reasons you will.

1. This salt shaker is bugged for your protection

"The cloud" as it stands today basically means "American technology companies". There are a few outliers – primarily in IaaS – but the really sexy stuff is almost all American. This is a practical problem for cloud adoption advocates.

Wading through the legal morass of what kinds of data we can legally store where is expensive, frustrating and subject to change with the next law passed by our governments. The net result of this is that it doesn't make business sense to use American cloud providers for anything. Even if they have a datacenter in your country they can still be compelled by their government to pull any data you've stored (such as the personally identifiable information belonging to your customers) and never tell you.

For obvious reasons an American legal attack surface of any kind is simply unacceptable in today's cloud computing. What of the UK? I'm pretty sure that as a Canadian company I can't store data there either. Probably not France, given recent revelations on their side too. China's out, for obvious reasons ... that leaves "store my data in my own nation" or "store it in Switzerland". (There are a few EU nations I could probably get away with for now, but I'm sure that's only until their own intercept programs are made public.)

Ultimately the only solution is "the data must be stored only within the boundaries of your own nation and by companies without a legal attack surface in other nations." Legal attack surface, BTW, does not simply mean "headquarters are in your nation."

If the sysadmins live in another nation then the men with the dark suits can show up with a "do this and never speak of it" letter and you'll never know your data was pulled. If your customers have reason to believe that their data was read they can sue you because you made the choice to use that cloud provider and it was that choice which put their data at risk.

The only acceptable solution from a privacy standpoint is that the cloud provider must license their software to a company within your nation that then stands it up inside the datacenter of a hosting provider that is also located in your nation (and who has no legal attack surface anywhere else.) Of course, that's anathema to most cloud providers and impossible for many others. If they've built your application on a PaaS offering such as Amazon, then they're stuck ...and so are you.

On the other hand ...

300 million-plus wallets can't be wrong!

The counter argument to this is simple: the rest of the world doesn't actually matter all that much. The CEO of a cloud provider crystallised the argument around privacy during a PupperConf after-party this year.

"There are several dozen US companies spending or willing to spend a million or more per month on cloud services," he told me. "But I haven't seen one outside the US willing to do that." The big money is in America and most cloud providers will do just fine mining that market for some time to come.

The rest of the world takes consideration, care, investment and a heck of a lot of work to deal with. Most cloud providers have built their business not only around the software they sell but around the internal business processes they use. Some tout their DevOps prowess, others their support, stability or what-have-you. To replicate that outside the US requires partnerships, licensing and constant vigilance to ensure that licensees do not ruin the cloud provider's good name.

There's a lot of money to be made in America. More than enough for the next decade or so. What's more, non-American companies don't seem all that bothered by little things like their own data protection and privacy laws. It's easier for everyone to simply assume that politicians will smooth out any barriers to adoption.

Everyone's doing it. You can no more kill cloud computing that you can stop non-commercial copyright infringement, win the "war on drugs" or succeed at prohibition. Many businesses are seeing benefits from cloud computing whereas few have been sued over the privacy aspect. Statistically, it seems likely you can use it to your advantage and get away with it.

2. 404 as a Service

Google goes dark for two minutes and significant chunks of the western world wonder if they should go home, or wait for Google to fix itself. It sounds like the premise of a science fiction novel, but this actually happened a few weeks ago.

In addition to the cloud provider having a lie down there are layers of things that can go wrong between you and the provider, The ever-present idiot with a backhoe, ISP router misconfiguration or even the NSA botching a fibre tap and accidentally wiping out an undersea cable or two.

Natural disasters are another consideration. Here in Edmonton we pretty much don't have natural disasters; there's the odd tornado every few decades and flooding is a possibility if you live by the river, but statistically there are few better places to have a pile of servers run reliably for years at a time. If I go put my data in a datacenter in San Francisco then natural disasters as a service interruption modality become something I have to start thinking about.

As a consumer of cloudy services you have no control over versioning, UI (Google stop moving my buttons!), or the development process. In the wrong hands "rapid release" can mean "automated iterative failure as a service."

One of the fundamental problems of cloud computing is that when the thing blows up you don't have a neck to wring. There's a lot of finger pointing (it's your network/computer/browser, no it's your cloudy server, no it's $ISP), but you've no real option during outages except "hurry up and wait."

Having said that ...

Sucking less, at scale

Despite this, the cloud provider is most likely better at IT than you are. For the big players, there's more of them than there are of you and they have entire teams of people just to do monitoring.

Cloud providers leverage economies of scale. That doesn't just apply to getting cheap hardware or having a little bit of muscle when they sit down with Microsoft across that long negotiating table. It means things like testing, automation, quality assurance and the raw manpower that can be brought to bear.

They're better at it than you. Even with the potential for outages, you will probably still get better uptime with a cloud provider than rolling your own IT.

Internet Security Threat Report 2014

Next page: 3. The forever cost

More from The Register

next story
Azure TITSUP caused by INFINITE LOOP
Fat fingered geo-block kept Aussies in the dark
You think the CLOUD's insecure? It's BETTER than UK.GOV's DATA CENTRES
We don't even know where some of them ARE – Maude
Want to STUFF Facebook with blatant ADVERTISING? Fine! But you must PAY
Pony up or push off, Zuck tells social marketeers
Oi, Europe! Tell US feds to GTFO of our servers, say Microsoft and pals
By writing a really angry letter about how it's harming our cloud business, ta
SAVE ME, NASA system builder, from my DEAD WORKSTATION
Anal-retentive hardware nerd in paws-on workstation crisis
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Simplify SSL certificate management across the enterprise
Simple steps to take control of SSL across the enterprise, and recommendations for a management platform for full visibility and single-point of control for these Certificates.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.