“Cloud computing” has been the marketing genie for enormous companies for quite a while as they have made another market for information in our increasingly digital world and have siginificantly earn alot through cloud spirit. They’ve made huge investments in infrastructure and software to enable the capture of strong positions and revenues in the market. Global “cloud computing” revenues had top $80 billion in 2015 and $100 billion in 2016, according to estimates by Forbes.
The list of summary benefits of cloud computing
- Capital and operating cost savings from outsourcing IT operations
- Improved data sharing allows collaborative improvements within and across organizational boundaries
- Increased data “transparency”
The drumbeat for “cloud computing” has become so pervasive that some wonder how we ever survived without it. So, how could a miracle like “cloud computing” have a downside? Is there a catch?
It turns out there is more than one catch, and they are all based on the fact that “the cloud” is just someone else’s computer(s) connected to the same unsafe World Wide Web you use. Six of these “catches” are listed below and explained in common sense terms:
- Who has access to your data? Outsourced data operations completely bypass all safety measures you can directly control and enforce inside your own organization. Your data being outside your direct control is inherently more at risk. Your cloud provider will certainly vouch for their personnel, but, is their word enough to compensate you for any data breaches, financial losses, regulatory penalties, or reputational damage?
- When data security is breached, will regulators come after your cloud service provider, or YOU? Legally you are ultimately responsible for the security and integrity of your own data, even when it is held by a service provider. You can try to mitigate this risk by demanding security certifications from, and outside audits of, your cloud service provider. Nevertheless, ultimate legal and financial responsibility for your data security is yours, and you can’t hold “the cloud” accountable.
- Do you KNOW where your data is? Many cloud users do not actually know where the cloud servers hosting their data are actually, physically located. If it is being hosted in a country where laws regarding information processing and/or intellectual property are lax, unfavorable, or non-existent, the risk of a data disaster can be enormous.
- Does your data have any “roommates”? Normally, data in cloud storage is not stored in a unique, distinct environment, but alongside OPD (other people’s data). Encryption is often used to preserve the integrity (and prevent the mingling) of data between users. That may be sufficient to protect your data…unless your “roommate” is a skilled cybercriminal looking for a lucrative target.
- Will your data survive a disaster, whether natural, financial, political, or otherwise? Here is the “Cloud Catch-22”: Providing for the survivability of your data in the event of a disaster of some kind at the facilities of your cloud service provider requires prior replication of your data (known as “mirroring”) at a different site. But the very act of having replicas of your data on other sites exposes it to all the other inherent risks of “the cloud”.
- If necessary, will you be able to audit/investigate the storage and processing of your data at your cloud service providers site? Maybe, maybe not. The fluid nature of “cloud storage” makes forensic investigations inherently more difficult than on your own data storage facilities. In some cases, such an investigation may not be possible to perform on a “cloud site” because the service provider can’t or won’t support them. The inability to investigate your own data for legal or regulatory purposes can be a very expensive failure.