Good article by Jonathan Zittrain in the NYT about the
risks in Cloud computing: Key risks are (summarised under the headings):
The Amazon Gambit:
If you entrust your data to others, they can let you down or outright betray you. For example, if your favorite music is rented or authorized from an online subscription service rather than freely in your custody as a compact disc or an MP3 file on your hard drive, you can lose your music if you fall behind on your payments. (See our post on these issues here)
Twitter Flitter
Data stored online has less privacy protection both in practice and under the law. A hacker recently guessed the password to the personal e-mail account of a Twitter employee, and was thus able to extract the employee’s Google password. That in turn compromised a trove of Twitter’s corporate documents stored too conveniently in the cloud. Before, the bad guys usually needed to get their hands on people’s computers to see their secrets; in today’s cloud all you need is a password.
Big Brother was Here
Thanks in part to the Patriot Act, the federal government has been able to demand some details of your online activities from service providers — and not to tell you about it. There have been thousands of such requests lodged since the law was passed, and the F.B.I.’s own audits have shown that there can be plenty of overreach — perhaps wholly inadvertent — in requests like these.
The cloud can be even more dangerous abroad, as it makes it much easier for authoritarian regimes to spy on their citizens. The Chinese government has used the Chinese version of Skype instant messaging software to monitor text conversations and block undesirable words and phrases.
Lock In
The most difficult challenge — both to grasp and to solve — of the cloud is its effect on our freedom to innovate. The crucial legacy of the personal computer is that anyone can write code for it and give or sell that code to you — and the vendors of the PC and its operating system have no more to say about it than your phone company does about which answering machine you decide to buy.
Lock Out
Facebook allows outsiders to add functionality to the site but reserves the right to change that policy at any time, to charge a fee for applications, or to de-emphasize or eliminate apps that court controversy or that they simply don’t like. The iPhone’s outside apps act much more as if they’re in the cloud than on your phone: Apple can decide who gets to write code for your phone and which of those offerings will be allowed to run.
I would also add the following issues that Jonathan missed:
Whose IP is it Anyway
Facebook (and others) have Terms and Conditions that ensure that any content you input is theirs to keep and use as they see hit. (See our analysis of Facebook's Terms and Conditions here)
The SLA of a Free Service is Zero SLA
There is no Service Level for people who don't pay - in fact, you are not the customer. The customer is the person who is paying to keep the service going. Make sure you know who they are, and what they are extracting from you for your free lunch. It could be advertising, behavioural data, or a number of less salubrious benefits. There is unlikely to be any restitution or compensation for major errors, service outages etc. You gets what you pays for.
The Cloud industry has to sort these issues out to gain trust from any except the lowest value players, or else it will seem to any dispassionate observer that they are colluding in building walled gardens with mainframe levels of user responsiveness and innovation, and where they proceed to scrape and pillage you, your data and your future IP. In all new industries there is a "Dodge City" phase, and this - in my view - is where Cloud is now, and the behaviours of many of its players don't yet inspire confidence that it will end yet. As Zittrain points out in his article:
If the market settles into a handful of gated cloud communities whose proprietors control the availability of new code, the time may come to ensure that their platforms do not discriminate. Such a demand could take many forms, from an outright regulatory requirement to a more subtle set of incentives — tax breaks or liability relief — that nudge companies to maintain the kind of openness that earlier allowed them a level playing field on which they could lure users from competing, mighty incumbents.
Our advice for the present - don't put any business critical or sensitive information in free Cloud based systems just yet. If email is business critical, don't put it in the Cloud either. For stuff you have to put in the in the Cloud, pay money to ensure SLAs and go for a
high level of security awareness if it can in any way compromise you. Also, back up everything you have in the Cloud, frequently.
