Clouds – will they eat my data?

When discussion comes to clouds, there are some arguments, that are often repeated by skeptics: data privacy and security but also the availability of data.

These points are aiming the spine of IT, touching the most valuable IT-assets, data. From private photo collections to enterprise data warehouses, loosing data is usually worst that could happen and is often not an option. This is true, independent which computing paradigm you follow: if you keep your hardware under your table, in the closet, in a (On-Premise)-Data Center or if you store it in the clouds, that means in data centers of the computing-service provider of your choice somewhere in the world.

And this is the point: Why is it, that with any new technological invention these discussions are brought up? I remember these 25 years ago, when RAID-systems came up, starting to conquer the later on so called SLED (Single Large Expensive Disks). Rember that Fujitsu Super Eagle, 19″, 8 Units, 150 pounds and 600MB Storage? How is it possible to securely store a single file by splitting it up and store it on 5 disperate, cheap SCSI-Disks? And years later, you might say, skeptics where right – I save raids dying for some reasons and we had to restore data from logically corrupted tape backup – **it happens.

Human Nature?

I guess it is human nature to bring up these arguments. Security and steadiness are human needs that follow directly after basic needs like food, shelter or clothing.  Because I understand that this is an important issue, I’m willing to have a candid discussion on this topic.

Living in Germany I’m not only looking human needs, but also have to keep Law and order in mind. Laws that influence not only public life, but we also have certain laws aiming at handling, storing, processing of data, trying to protect any indivual person from harm by loss or misuse of their personal data and also putting regulations on any institution that handles any kind of person-related data. Other countries have similar laws or regulations, eg. HIPAA in the healthcare sector.

Holiday Photographs

I assume, that anybody in the past, storing his/her personal holiday photographs, didn’t waste a thought nor a dime on keeping redundant copies. Possibly the most important images of the first day in school were duplicated. Nobody asked about redundancy or data security. Ok. Privacy was not the issue, keeping them in the locked drawer. But when it comes to personal photo cloud-storage, eg. Smugmug, based on Amazon S3, people start asking questions. My personal opinion is, that Smugmug’s business model is based on the fact that you pay money for a secure and reliable data storage (“All that was left after a twister struck my house are my holiday photographs” <LINK>), so the will take every measure, that this won’t happen.

Talking about Risks

If I still feel uncomfortable with the situation, it’s up to me to develop my private data protection strategy and keep files stored on my local harddrive. So I still can use the cool, new community and sharing features and still have a local copy of my photographs. Same point applies for enterprise computing. Just bigger databases and more users. Repeat after me: Security is just a matter of personal needs and money.

I don’t want to start a case in favor or against Cloud Computing like others, but instead I suggest to openly discuss risks and their management <See Bernard Golden>. But this discussion is not related or limited to cloud computing. Any data processing or management, regardless if paper/pencil based, server-based or cloud-based imposes risks that have to be assessed and hopefully mitigated or maybe not, so you have to bear or share them.

So What?

The cloud-vendors have to face the enterprise grade security discussion and need to offer concepts and architectures that provide the personally or even statutory relvant level of security. Maybe in the past the they didn’t do enought to help cloud computing to come out of beta state and enter the enterprises. In the mean time we should be looking for new ideas like RAIC described be Storage Architect Chris M. Evans <HERE> and Enterprise Architect Mark Masterson <HERE>.

I’m sure there are more people and companies working on concepts and products addressing these issues, so let’s find solutions and look forward to new opportunities, rather than only whining about dangers and risks. Trying to keep the status quo also bears risks. Especially in these times.


Leave a Reply