Cloud computing is cool, no doubt about that. There have never been more good looking and futuristic looking schematics been made in Visio. Thousands of presentations, workshops and even conferences have been held on the subject.
One question however has not be clearly answered yet … what about data ownership? What about privacy of that data? When your applications are running in the cloud you are also handing over your data to whoever is running the data center. How sure are you that they protect this data as they should do? What about these situations:
- Your cloud partner goes out of business and your data becomes a valuable asset that can be sold to pay of debt. How well are you protected from this scenario? Or … what are the guarantees about confidentiality? Think SalesForce …
- Your cloud partner goes out of business without any warnings, your applications are offline, your data is not accessible. Worst case you got a couple of days notice, best case a couple of weeks. Does your disaster recovery plan takes this into account? How fast can you move to a new cloud partner or your own data center? How much data will you loose? How recent is the data you go online with after recovery?
- Your cloud partner decides to disable a feature in their application, a feature you depend on. Does your disaster recovery plan takes this into account? This is not far fetched, in a small way this is what happened when Microsoft decided to disable anonymous comments on their Live Blog. They even did this retroactively and so revealed identity information of authors who previously had been anonymous.
None of these scenarios is purely technical in nature and none of these scenarios are far fetched. You can probably think of many more realistic and sure to happen situations.
In relation to the 3th scenario … how many companies have application versions that are far behind the lastest public version purely because of functionality or compatibility they depend on? At least all of the companies I have came into contact with are in this situation. If you run everything on your own servers you have a greater deal of control then you can imagine at first. Companies should do their homework when moving some of this into the cloud, they are often giving up far more control then they think they do and want to do. Contracts alone won’t solve it either.
Gunnar Peterson linked to this fun but interesting story:
“He sounded just like Obama,” she said on Thursday, referring to President-elect Barack Obama.
Sensing she was the victim of a spoof by a South Florida radio station, she promptly disconnected the call.
Trouble was, it was Obama.
A chagrined Ros-Lehtinen told the Fox News Channel that she also hung up on Obama’s chief of staff, Rahm Emanuel, when he called her back to explain it really was the next president on the line.
Both Emanuel and Obama tried to convince her the call was for real.
“Guys, it’s a great prank, really,” she said she told them.
It took a subsequent call from California Democratic Rep. Howard Berman, chairman of the House Foreign Affairs Committee, to finally convince Ros-Lehtinen to talk to Obama.
To convince her that it really was Berman, she said she told him, “Give me the private joke that we share.”
These type of prank calls, when someone calls you and pretends to be a high ranking official in some country, used to be low probability and medium impact risks. Low probability since there was a border most people did not cross. We all laughed with prank calls where a radio presentator pretended to be some unknown person who wanted to order something so extraordinary that it was hard to believe it was true … but funny. But pretending to be the President of France or the President-elect of the United States, that was a whole different story. That was not done, who knows what the repercusions would be! It was also a medium impact risk because in most cases the victim of the prank call was not a VIP or anything, often even just a receptionist at a company. The impact was all personal and completely forgotten after a couple of weeks.
But recently some people changed all this. Today this is a medium to high probability and high impact risk. Certainly a higher probability since others have done it and got away with it. Surely a higher impact was well, just look at what happened to Sarah Palin. It’s not something that is forgotten after a couple of weeks, this is something that sticks to your career now.
But my congratulations to Ros-Lehtinen who did not only recognize the change in the risk profile but also employed a simple but effective counter measure: use of a shared secret.
We all know how these days you are not allowed to bring any significant amount of liquid on the airplane. Every liquid you do bring with you is taken away swiftly. Bruce Schneier has an excellent blog entry on the usefulness of this rule.
In Belgium we have this television series “Airport Security” about the day to day aspects of security on our national airport (“Brussels Airport”). It actually is a spin off from similar US and UK shows. In one of the episodes they showed how they confiscated liquids. After a couple of days all the bottles amounted to a fairly large pile. All nicely tucked away in plastic storage boxes. Their content is however not safely disposed of (after all, they can contain potential explosives), they give it all away to a charity organization who then distributes it to people in need.
Although I support the fact they want to help charity organizations, it seems a bit illogical to me. One minute they threat these bottles as potentially dangerous, confiscating them without exception, the next minute their risk level seems to drop to zero and they are handed out to charity.
As Bruce states in the above mentioned article:
If something is dangerous, treat it as dangerous and treat anyone who tries to bring it on as potentially dangerous. If it’s not dangerous, then stop trying to keep it off airplanes.
So either we stop confiscating those liquids or we start handling them as really having a risk level: threat anyone who tries to bring it on as potentially dangerous and safely dispose of the liquids. Our current procedures are just stupid, annoying, incomplete and don’t add value to protecting those who travel by air.
