The news for cloud computing advocates keeps getting worse and worse. Within the last month we have seen Google IM and Video services falling over worldwide, Dropbox was hacked and there have been problems with Amazon and Microsoft’s cloud servers. It’s been a tough month for a technology that was once described by Larry Ellison, the founder of Oracle, as “fashion-driven” and “complete gibberish”.
Ownership
In 2010 the US analyst firm Gartner created a cloud computing bill of rights, the first and Gartner would argue the most important aspect of this bill was data ownership. While many online services support the Gartner proposal, data ownership, transparency and most importantly portability are not in the interest of the majority of cloud service providers.
The argument of who owns your data and access to it is a thorny issue, after all the harder it is for customers to move from a service the easier it is for providers to protect their revenue.
In 2011 the file storage site Megaupload was taken offline and its owners were charged with numerous counts of criminal activity. The case for the prosecution was that a number of users were using the service to share and distribute copyrighted material. However the vast majority of users were using the service in the manner it was intended, online storage. The ongoing battle for these users to regain access to their data is well documented. But just try explaining to the tax office why it’s impossible for you to complete your tax return because the FBI have impounded your data.
Security
Let’s be totally realistic here, your data is only ever as secure as the last person to access it. Stories of government officials leaving top secret disks in taxis or Doctors losing NHS patient records are sadly all too commonplace. Data breaches happen regardless of the technology. However, with cloud computing the scale of security breaches can be immense, just ask the 77 million Sony Playstation Network users whose personal data and credit card information was compromised last April. Even this month the popular file sharing site Dropbox confirmed its cloud storage service had been hacked and account names and passwords had been stolen.
The often implied placebo that “it will never happen to our service” really is a bad joke.
Reliability
In the IT world most people offering an online service, whether it’s e-commerce solutions, storage or email, tend to talk in the same language. When describing uptime and reliability we always talk about “the nines”, 2 nines (or 99% for the rest of us) equates to about 3.65 days of downtime per year with the holy grail of 5 nines which means about 6 minutes lost. I raise this as it’s easy to look at these impressive figures without seeing the truth behind the detail. 3 nines means over 8 hours when your system isn’t working. Believe me, when this happens and your staff are sitting around doing nothing while customers are calling in but can’t be helped, it’s very bad.
Business Risk
The ability to spread the risk and therefore your exposure can be very difficult if you are relying on a single vendor or service. Due to the nature of distributed computing it can be easy for a single problem to take down many users. A good example of this is Amazon’s AWS cloud platform. This year it has had multiple outages and during these moments we all get to realise just how fragile the Internet can be. When a cloud provider suffers a major outage, a business can be knocked offline for hours with no indication about when it might be back online. While this can mean thousands of pounds worth of lost sales, how high up the provider’s list of priorities will it be to get your site back online?
In fact, if you are dependent on a cloud provider then their business risk becomes your business risk. If they go out of business you may follow shortly behind. And if they have a bad quarter, price rises may get them back on track, but achieve the opposite for you. Some companies proclaim “no contract” i.e. both parties can drop out at any time. This is fine, but not if you are dependent on the service, which means the risk is all yours.
Legal Compliance
Compliance with local, international and worldwide laws is a difficult juggling act. For the average small business it can be a confusing landscape. While you might believe you have a good understanding of the requirements, all your hard work can be undone by a reliance on a third party cloud-based application.
Let’s take data location as an example. The EU Data Protection Act was written to keep all personal information within the European Union. To comply, the cloud vendor should keep your European customer data on servers located in Europe; do businesses even know where their servers are?
Conclusion
Despite the well reported problems, Cloud Computing is growing. The number of businesses using online services is increasing at a huge rate. The attraction is easy to understand; the combination of low cost and immediate availability makes a lot of sense. However, millions of businesses are now completely reliant on third party services owned and run by corporates with their own agendas and business models. Are businesses sleep walking into a potential disaster?