This is the MIT CIO Symposium blog. We invite participation from speakers, sponsors, attendees, and interested parties.

Cloud Computing: Understand the Risks

By Annie Shum | March 27, 2009

All the data that make up our lives seem to be heading for the clouds. From photos on Flickr (YHOO) to memos on Google Docs, we are entrusting more and more to computers in giant data centers—a model called cloud computing. It’s certainly convenient to have access to our stuff wherever we are and on whatever device we choose. But is it safe?

Yes, if you exercise reasonable care. The major providers of Web-based services have generally established an enviable record as stewards of their customers’ data. Still, there are perils—just as there are with clouds of the atmospheric variety. A little thought and prudence may save you grief down the road.

There are two kinds of risks in putting your data online. One is that you can never be quite sure who has access to your information once it has migrated beyond the hard drives and backup storage devices in your home. The other risk is that the information, and sometimes the applications you need to make use of it, may be available only when you are connected to the Internet and the service is up and running.

These twin dangers are now abundantly obvious to users of a collaborative Web-based word-processing program called Google Docs. Google (GOOG) recently notified its users that a software glitch had allowed some subscribers unauthorized access to “a very small percentage” of these documents, which are stored on Google’s servers.

The security of data stored in the cloud varies with both the design of the system and how well the safety measures are implemented. Some services encrypt information both in transit and in storage in such a way that only the owner can decrypt it. These services are generally the most secure against either accidental or malicious disclosure—though your information can be lost forever if you lose the password. In general, services that allow Web access to data from any computer are riskier than more restrictive systems, and those that allow the information to be shared among a group of users pose even greater hazards.

Sometimes you have control over this—for example, by declining an option that lets you access your data from a Web site. This choice is available on many online backup services and can be handy if, say, you are on the road and need to get a file that’s on your home or business computer. But clearly that access increases the risk that your information could be exposed to third parties.

The security practices of cloud storage systems are usually described in the fine print of their security and privacy policies, but in practice it’s difficult to assess safety. Corporations run security audits to gauge the practices of cloud computing operations, but this is beyond the reach of individuals or smaller businesses. The simpler course for most of us is to think before committing data to the cloud. Those photos from the family trip to Disney World (DIS)? No problem. But the term sheet for a proposed merger or acquisition should probably stay encrypted on a hard drive that you control. Anything in between? Just consider how much embarrassment or trouble it would cause in the wrong hands.

The issues of getting to your online data are less serious. The growing ubiquity of wireless services means there are fewer and fewer places where you can’t get on the Net if you need to. Wi-Fi is even slowly creeping onto airplanes, the last wireless frontier.

Of course, if you know you will have to work disconnected, you can load the files you need onto a hard drive or USB memory key. And new technologies, such as Google Gears and Adobe AIR (ADBE), make it possible for some Web-based programs to be used on a computer even when you’re not connected.

Will your cloud service be there when you need it? Google got a lot of unwelcome attention recently when its Gmail service was unavailable for about three hours. Back in the days of the Ma Bell monopoly, AT&T (T) promised 99.999% availability, which allowed a bit over five minutes of downtime a year. But “five nines” of reliability is fabulously expensive. Google promises its corporate Google Apps customers 99.9% uptime, which leaves room for outages of nearly nine hours a year. The fact is, most enterprises don’t deliver higher reliability on their own systems; the difference is that outages on big public services get publicity.

Ultimately, putting your data in the cloud involves choosing convenience and productivity at the cost of some security risk. In the real world, convenience almost always wins, and there’s nothing wrong with that. What’s important is that you understand the dangers.

By Stephen H. Wildstrom, BusinessWeek, March 25, 2009
