July 29th, 2014 by inflectra
Thankfully, the professional tools I employ for software development store their data on servers owned by the product vendor, so I don’t have the same concerns there, but when it comes to my personal data, I’m just uneasy. It’s not that I think it’s a bad idea in principle; on the contrary, I’d love all my digital data to be accessible wherever I am, with reliability and redundancy, but the control freak in me is worried. At the risk of sounding like my father when he lauds the simplicity of older cars over today’s computer controlled digitally enhanced vehicles, I just think there is so much that could go wrong!
I have to worry about security. How safe would my data be from hackers? Cloud storage is a more attractive target than individual PCs because so much can be gathered from one hack. How well vetted are the employees of my prospective cloud storage provider? Can I trust that if they have the ability for administrative reasons to access my data, they will not misuse that power? Not only must I question the security of the cloud service itself, I have to worry about whether the transmission of my data is safe between the cloud storage and me, on every one of the devices I will use to access that data (simply because I can.). Does the service use encryption (e.g. SSL for web traffic) for its communication, does the service have third-party audits of its systems (usually referred to as a SAS 70 Type II or SSAE 16 certificate).
Would my chosen cloud service provider use multiple physical locations across the globe to provide the necessary redundancy to make my data safe? Not only would it be easier for my government to ‘own’ a copy of my data, what about other governments? I have no idea which countries my provider may use for its data centers and therefore whether it is safe against becoming collateral damage in the next local outbreak of civil unrest. And the privacy laws of foreign countries may leave me vulnerable. Not that I have anything to hide from governments, it’s just that I have this strange idea that my data is mine and nobody else’s. If I decide to delete some of my data, is it really gone? Or should I be concerned that system redundancy has left copies floating around the servers in South America or Asia?
What about outages? Right now, I can access my data even if my ISP or my cloud service provider fails. We all know the rule: technology fails when we most need it. Will I be able to get good support when I’m having trouble or will it be the nightmare of endless emails between me and a faceless support person, (providing my email information isn’t lost in the cloud too!) to solve a problem that then mysteriously resolves itself after 24 hours. Never underestimate the value of good customer service!
Could my service provider be acquired by an organization that has very different policies, or might my service provider change its own policies and leave me (feeling) less secure?
Thankfully, these potential problems apply to service providers for my personal data, and generally not those companies who host my professional data. And don’t get me wrong, I’m not saying that you shouldn’t use the cloud for your personal computing needs, but if you do, perhaps use these thoughts as a checklist when choosing which provider to trust with your personal data. As for me, while I thought it would never happen, I’ve turned into my Father.