Cloud Computing – A Few of the Hidden Factors to Consider

I am a big fan of cloud computing (CC) and have been using CC to backup my essential files since I first heard of Jungle Disk in 2007 (Jungle Disk is a great product for home, SOHO, and small businesses to backup and share files). I have also been working with some friends on a business which uses cloud processing. Before choosing CC, organizations need to evaluate a number of factors. Here are a few that don’t get much attention.

Who Owns the Data? Who Cares if You Use PIE

There is great debate about who owns the data that is stored on the cloud. What about data that might get stored in different countries? What about subpoenas? This is a legal issue which will take time to be litigated. Mark Rasch, director of cybersecurity & privacy consulting at CSC, has an excellent primer on this topic at: http://www.api.org/meetings/proceedings/upload/SessIVRaschPres10Nov10.pdf I recommend that my clients use “PIE” or “pre-Internet encryption,” a term coined by Steve Gibson of the Security Now podcast. The idea is to encrypt your data BEFORE sending it to the cloud. You know the key and no one else. If your data is hacked or a subpoena is served, all that will be visible is random garbage. If you are a small business, Jungle Disk uses your own AES 256 key to encrypt. There are products like Trend Micro’s CC suite which encrypt enterprise-level data.

Just Because Your Cloud Computing Supplier is Big, Doesn’t Mean they Are Smart

This is a corollary to using PIE. Amazon had a well-publicized outage a couple of months ago. What was not publicized was that a small amount of data (less than 1%) was permanently lost. If that was your customer database, you could have been screwed. Another CC supplier Dropbox had a software glitch recently caused when they were updating software. The glitch meant that no one’s password was being checked so anyone could log into a Dropbox account with no password or any password. Last year Google fired a system administrator who was accessing customer files using his administrator access. Using a “big supplier” doesn’t mean they do everything right. You need to protect yourself. If you were using PIE, in any of these situations you would be protected.

Bandwidth, Don’t Assume It Will Always be Free

CC uses lots of bandwidth. Some CC supplier’s like Amazon charge for bandwidth but what about your ISP? Most ISP’s are looking at instituting bandwidth caps and/or charges. How would bandwidth charges from your ISP change the economics of CC?

Advertisements

About infoguardianangel
The consumer and corporate information guardian angel. Cybersecurity and privacy advice for my clients (and anyone else who cares about protecting their data or their companies).

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: