Monday, November 28, 2011

Are You Ready for the Cloud?

Cloud computing has been the marketing topic of 2011. You could hardly attend a conference without being bombarded by predictions of how cloud computing is going to revolutionize our technology landscape. Indeed, having your data in the cloud is quickly becoming a necessity in the time when we are dividing our computer time among multiple devices.

Yet companies have been a bit more conscientious rushing to the cloud. Sure, there have been stories about many users and departments signing up for various cloud-based services such as collaboration, file-sharing, or project management. But not many enterprises have ripped out their existing on-premise solutions in favor of cloud-based offerings yet.

There are reasons why enterprises are careful. Security concerns are usually being mentioned as the top concern. The data in the cloud is not under your control and so it is less secure, right? Actually, I’m not sure I buy that argument. In fact, the cloud vendor most likely has better security in place than most enterprises could ever afford to deploy.

A much bigger issue is the data control and ownership. First, there is the issue with employee-owned devices that end up containing corporate data. In case of a device theft or employee departure, the company isn’t allowed to wipe the device and has no control over the data. That is a problem for corporate security and legal liability.

The second issue related to data ownership is the protection provided by the cloud service providers. Take Google Gmail, for instance, which is being used by many employees. The Section 11 of the Terms of Service contains the following paragraph:

By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services.

That clause alone made me think really hard about how much am I willing to use Gmail for communication with my tax accountant or investment advisor.  

And then there is the Patriot Act issue which forces US based companies to comply with law enforcement requests to hand over your data. Dropbox’s Privacy Policy, for example, includes the following passage:

We may disclose to parties outside Dropbox files stored in your Dropbox and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Dropbox or its users; or (d) to protect Dropbox’s property rights.

Good faith belief that disclosure is reasonably necessary” - that isn’t exactly the Swiss Banking Act, is it? While it may be the law in the US, it may also be beyond the tolerance threshold of many companies - particularly those from European countries that have a much less casual attitude towards data security and privacy.

As a result, companies are being very careful when taking advantage of cloud based services - particularly those that primarily cater to consumers. Such services will be likely supplemented by private-cloud based offerings that provide similar capabilities under the organization’s full control.

Also, a hybrid cloud approach might be used more often to address corporate concerns. One customer recently told me that they are moving their users to a cloud based email except for critical functions such as the financial and legal departments and their entire executive team.

This kind of approach may result in lower capital expenditures, but probably higher overall costs and complexity. Well, welcome to the Cloud Age!

1 comment:

  1. Good points - but you missed my favourite privacy policy which is that from who are theoretically targeting enterprise customers.. their terms of use say that "Content posted by Users and other non-Box contributors are generally not reviewed by Box."..
    Oh, that's OK then - as long as you don't 'generally' read my stuff and only do it whenever you feel like it..
    Expect a backlash against these public cloud providers as enterprise tools - CIOs should be blocking this stuff on corporate firewalls and forbidding them in policy. Hybrid cloud is the way to go.