In the February issue of Circuit Cellar, Steve Ciarcia contemplates the topic of business in the cloud in his Priority Interrupt editorial. It’s a topic you must address at some point, whether you’re a professional electrical engineer, programmer, tech team leader, or a tech editor/author. You must weigh the pros and cons, and you need to consider data security, data accessibility, and service reliability. Here’s Steve’s take:
There’s a lot of talk these days about freeing the user from the confines of a particular device via “cloud computing.” A typical example is Apple’s “i” family of devices where you can buy a song on iTunes with your iPhone, and then also play it on your iPad or home computer. Similarly, you can take a picture on any of these devices and share it seamlessly on all the others, or share it with your friends.
As a concept, this is a great thing, but it does have some strings. The song or picture, along with information about your ownership details, is stored out there “in the cloud,” or more specifically, somewhere on Apple’s servers. We don’t get excited over this because sharing photos, music, etc. among casual users isn’t considered “real data.” It’s merely an extension of the whole concept of social networking that is already relatively open.
The next level of cloud services from Google and others includes complete suites of web-hosted office applications (word processing, spreadsheet, database, etc.) and a lot more “real data” vulnerability. Along with services such as YouSendIt (file transmission) and Carbonite (file backup), the intention is for you to run your whole business on cloud servers and have instant ubiquitous access.
The question is: Are these services really up to the task of handling the data of a serious business?
Let’s talk about reliability first. Can you rely on important data being accessible the instant you need it? Well, if you take a look at the “Terms of Service” on any of the web services, they read pretty much like the end user license agreements (EULAs) we’ve all been reading for the past 30 years: this service is not guaranteed to do anything useful, this service is not guaranteed to be available, we are not responsible for any direct or consequential harm caused by this service, blah, blah, blah. This isn’t the sort of thing that should inspire confidence in anyone trying to start or run a business in today’s shaky economy.
At the very least, it means that for any data you put into a web application, you’d better make a private back-up copy and a back-up plan. You have to have access to that back-up copy via a means that does not involve the same application’s cloud server, an alternate ISP if the primary one fails (I have both cable and DSL for that reason), and a way to run the application elsewhere if the cloud business running the web app goes south.
But the bigger concern in my mind is the question of security. Who has access to the data you put into a web application, both now and in the future? Again, looking at those applications, I have yet to find a Terms of Service that promises any level of privacy for your data. Indeed, Google is particularly egregious in this area. Their Terms of Service (https://accounts.google.com/TOS) includes item #11, “Content License from You,” which states, “By submitting, posting, or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display, and distribute any Content which you submit, post, or display on or through, the Services.” This is about as far from a promise of privacy as you can get!
You really need to think defensively about your data. Surely, Google harbors no intent to harm any business using its services, but with tens of thousands of employees, it’s hard keep track of the one among them with internal access to your data who is less scrupulous. Without concrete liability for misappropriating or deleting client data, can you trust placing your confidence and livelihood in an illusion of credibility and a mere promise of service? Yes, this is a harsh statement, but show me where these guys take responsibility even if they screw up everything.
Be proactive with sensitive business files! When using file transmission or storage services, either encrypt (and/or digitally sign) the data and/or deal only with companies that understand the real issues involved. One good example is Intuit, a company that provides accounting services to small businesses. (Carbonite and YouSendIt also fall into this category.) They devote an entire section of their website (http://security.intuit.com) to the issues of client privacy and data security.
The bottom line is that existence in the “cloud” is an up-and-coming trend, both personally and commercially. Always read the terms of service and privacy/security documentation of any web service you’re considering using and carefully evaluate which kinds of data you’re going to put out there. But most of all, in this wild and wooly age of botnets and malicious intent, make sure you have an independent copy and a back-up plan for any data you consign to the ether.—Steve Ciarcia, Circuit Cellar 259