Channeling Floyd a bit here, I’m reminded of “Get off of My Cloud” by the Rolling Stones.
I’m not a huge fan of the term cloud computing. Not entirely sure why, but I prefer using some variant of service, e.g. service-based computing or SaaS, because including “service” more accurately reflects what’s really going on in the cloud.
Some company is providing you with a computing service, as opposed to installable media, either for free or for money. In exchange, you agree to T&C that control how your data can be used and sometimes give them money.
Don’t get me wrong. I like services-by-wire as much as the next person, depending on where I’m standing, and I’m not penning a diatribe against them. However, I have noticed a few interesting posts recently that call out some of the common (and not so common) pitfalls of relying too much on the cloud. These are worth reading and sharing for comment.
First, Lifehacker had a post called “The Hidden Risks of Cloud Computing“. Not the most eye-catching title, but one of their hidden risks was an eye-opener. Specifically, that while law enforcement agencies must obtain a search warrant to search your place of residence, including your electronic files, they only need to obtain a subpoena to get access to records of your activity from third-parties. Apparently, they can do so without your knowledge too.
I guess I should have known this based on all the RIAA and piracy stories floating around, but somehow it didn’t stick.
Sure, no biggie if you’re not doing anything illegal, but definitely a privacy concern.
A post from ReadWriteWeb included another new one for me, namely that service providers using virtualization don’t always use data encryption because virtual machines “don’t always have enough access to the random numbers needed to properly encrypt data.”
Of course, most service providers *do* use virtualization because it’s cheap and easy, and you don’t always have any way of knowing who does and doesn’t, unless it’s disclosed by the provider. Some services don’t need encryption, but others, e.g. those that store personal information about you, definitely do need it. Sure, if data are transferred over SSL, you don’t have to worry about over-the-wire as much, but all bets are off if someone has a way inside the provider’s network.
This isn’t normally an easy hack, and I’m not saying that providers are more or less vulnerable to this type of intrusion. Don’t kill the messenger.
Fortunately, these types of attacks are difficult, making them less common and requiring a motivated black hat.
With cloud computing, most of the risks aren’t as difficult and are much more well-known. The two posts include the standard risks that I’m sure you’ve heard:
- Trusting a single provider too much.
- Weak security based on easily hacked password recovery processes.
- Provider lock-in and data ownership.
- Downtime and data unavailability.
For some things you do online, these issues may not matter, but if they do, you’ll want to be as safe and prepared as possible. For example, what if your social bookmarking provider loses all your data? What if your favorite lifestreaming app is bought by a huge social network? What happens to all your old data? Or say your favorite micro-blogging service doesn’t surface your all your updates in their UI? Are they gone forever?
Generally speaking, most people are lax about backing up their own systems, but when it comes to a service provider, they expect backups and archival history, regardless of whether the service is free or not. Seems a bit ironic, but again, this is why I prefer using the term service when discussing cloud computing.
If you’re wondering, your old tweets aren’t deleted.
This isn’t obvious though, and I’ve seen several posts on how to archive your tweets. Surprise, there are even services that will do this for you. I found a few with a quick search, one of which collects your Twitter credentials and a fee. Personally, I’m not in a hurry to archive my tweets, but I can see value there for others.
Sorry, bit of a tangent there.
The point about risk in the cloud remains: the artifacts you create aren’t always yours, unless the T&C say otherwise, they belong to the provider. Good luck exporting your stuff out of these services too, especially the free ones. While exporting tweets isn’t terribly difficult, imagine how much work it would be to get your pictures out of Facebook or Flickr.
Online services rock.
They’re easy and affordable and save you tons of time and effort replicating similar functionality yourself. Even if you’re a very savvy user who wants to maintain equipment and gear in your own mini-datacenter, you’ll probably rely on at least some services in the cloud.
The message here is know the risks.
So, did I miss any? Have any stories to share about services? Am I out of line and paranoid?
Find the comments.