Suddenly The Terms And Conditions Of Your 'Cloud' Service Provider Matter A Lot More
from the pay-attention dept
With everything going on with the NSA and other intelligence agencies relying on being able to reach out to third parties for data, we’ve pointed out a few times now that this may do serious harm to the tech industry. But what about from the consumer (or business buyer) perspective? It seems likely that companies (especially) should really start rethinking how they make use of certain cloud services. There are, clearly, tremendous potential benefits from cloud providers, which is why it’s become so popular lately. But, there are certain downsides as well, and the whole concept of government access (or government demands, a la Lavabit) has really woken people up to some additional potential hazards they may not have paid close attention to in the past.
It also means that a lot of users of cloud services are suddenly reviewing their options a lot more carefully. We’ve talked about how this may be a boon for private cloud offerings, but there are still plenty of benefits to remote cloud offerings as well. But, suddenly the exact terms that are associated with those offerings, and the potential liability you might face for using those services becomes much more important. In the past, people may have grumbled about the terms of service or potential liabilities they were taking on, but the threats seemed more theoretical. That’s now changed.
Over at OpenSource.com, Georg Greve has a good post that looks into questions that need to be asked before using a cloud service these days in light of the revelations about government snooping. For example, in the past, while many people might not have cared what country their service was hosted in, now it becomes critically important. He also highlights the importance of open source software and open source expertise — both of which provide benefits on mulitple levels, including a higher likelihood of standardization and, frankly, probably a stronger interest in not just caving to government snooping.
But the biggest one is the final point: having a way out.
Know your escape plan.
Solutions that are provided to you as fully open source have an elegant escape hatch built into them by their design. Read: You can take the entire stack and host it yourself without losing productivity or data. This backup plan protects you against legislative changes, company restructuring, and much more. The other side to this is provided by open standards.
The Takeaway: Choose solutions that have the most complete open standards approach to go with open source, because if your escape plan fails for whatever reason, there is a backup. Beware of “Open Core” offers masquerading as open source, though. Gartner called them the “emperor’s new clothes” for a reason.
Indeed. As I’ve argued a few times in the past, so many “cloud” services available today aren’t fulfilling the real power of the cloud. Instead, they’re little more than locked-in silos, where you’re stuck with that particular vendor. The switching costs are incredibly high in those cases, which may not matter when everything’s going great, but when you’re suddenly worried about the privacy of all of your users (or yourself!) these things suddenly matter quite a bit. And yet, many who are jumping on the cloud bandwagon don’t take the time to explore the amount of lock-in and what it means for their own flexibility and liability as well.
Part of the problem, of course, is that many users of cloud services just haven’t put a premium on having such control and freedoms. Hopefully, with the growing recognition of why this is an issue, more cloud providers will recognize that not locking people in, and providing more open and flexible solutions is a powerful selling point.
This post is sponsored by The Hartford.
Filed Under: cloud, data security, liability, sponsored post
Comments on “Suddenly The Terms And Conditions Of Your 'Cloud' Service Provider Matter A Lot More”
I like the idea of taking the entire stack and hosting it myself, if necessary. Frankly, I don’t trust any cloud service providers located in the United States anymore. There’s just too much risk of NSA abuses and secret FISC gag orders.
I miss the days when America was the home of the free and the land of the brave. Now it’s the land of the oppressed and home of the scared.
Re: Re:
Suddenly, service providers based in countries that’s hostile to U.S. becomes appealing to me.
Switzerland once was considered a good choice, but that ends when Swiss bank bends to U.S.’s order to give out account owners’ information. I don’t have much confidence left to that country any more.
Re: Re:
hahaha u are so funny
“I miss the days when America was the home of the free and the land of the brave. Now it’s the land of the oppressed and home of the scared.”
love your comment dude
I wonder, if there will be extra costs involved in using the cloud such as a local backup o extra loops to protect your data from snooping then I’d think it’s worth setting up your own data center. I’ve read an article recently concerning it. It was focused on the scalability issues and not in the NSA surveillance but this may be yet another reason to leave the cloud.
Cloud computing is 100% hype
It’s just another worthless, meaningless fad, like “three tier client-server computing” was 15 years ago. Back then, we (my employer) were doing what would be called “cloud computing” today — but we didn’t a have a name for it, we simply thought of it as “competent, intelligence use of resources”. Now we’re doing some other things that don’t have names, but I’m sure some marketroid will cook a few up eventually so that they can be sold to a gullible, naive public. File “cloud computing” right next to “social media” and similar bullshit that caters to the ignorant and stupid.
And worse than hype: cloud computing is 100% insecure. Every cloud provider of any size has long since been served with NSLs that require them to hand over all data and/or provide real-time network taps. Heck, major ones (e.g. Amazon) probably have APIs for surveillance built in.
Cloud computing is used only by the inferior people who haven’t thought it through.
Re: Cloud computing is 100% hype
“Cloud computing is used only by the inferior people who haven’t thought it through”
Correction, it’s for the digital invalids who cannot setup their own secure server, for that matter any server at all 🙂
The Hartford
They’ve sponsored this post.
I’ve patented this brand new idea. I call it a ‘hard drive.’ It stores all of your files locally, for maximum protection.
Re: Re:
Until they show up at your house with professional locksmiths while you are out away. And they know when you are, because they know you address, your phone number, your phone provider, and the same info for anyone else who lives with you.
And since they have access to all other records from major entertainment and communication services, they will know exactly when you leave and most likely for how long.
They can just do a friendly drop in, copy your hard drive, and then poof back out. You need a pretty intense system to know that they were even there. Or just a non-bribable dog perhaps.
rush limbagh
Is always pushing cloud services. Cryptonyte. Uh huh
If I were the NSA/CIA, I’d set up some new “encrypted” emaila nd cloud storage services based in some other countries and see who I could get to use them.
And since I thought of it you can be sure they did.
Cloud computing security
The problems with cloud computing security can be summed up in four words: “Lawyers, Guns, and Money” (with apologies to Warren Zevon, my short talk with that title).
And remember, rule #1 of Cloud Computing Operational Security if you actually have confidential information you need to protect: don’t use cloud computing.
Re: Cloud computing security
Actual link: http://www.icsi.berkeley.edu/~nweaver/cloud.pdf
Re: Re: Cloud computing security
That’s a brilliant little document. (Typo: Amazon is experimenting with “ads”, not “adds”.)
I would add to that the near-certainty that agents in the employ of other governments and/or criminal organizations have found employment at Amazon and Rackspace and wherever. It’s a no-brainer: get your people on the inside, have them collect a paycheck from the cloud provider and a tax-free bonus from you…and then wait. Just wait.
If and when the day comes that they can retrieve specific information, or take specific action, that minimal investment will pay for itself a thousand times over.
Re: Cloud computing security
And the odds are overwhelming that you do — particularly if you’re using “cloud” services in connection with your cell phone or tablet.
A Secure Cloud Solution
is actually possible. Of course, it’s not quite as convenient as the unsafe varieties. And it probably won’t be usable on any mobile devices. You just need to ensure that all data stored in the cloud is PIE (Pre-Internet Encrypted). It has to be encrypted by YOUR PC before it’s transmitted. Any decent encryption package using a good 16+ digit truly random key will keep the NSA busy long after the data is useful.
IMHO
say no to drugs,er usa services
lol
Hi nice to see your article,please visit my site for latest games and android for pc apps