Suddenly The Terms And Conditions Of Your 'Cloud' Service Provider Matter A Lot More

from the pay-attention dept

Post sponsored by

The Hartford

With everything going on with the NSA and other intelligence agencies relying on being able to reach out to third parties for data, we’ve pointed out a few times now that this may do serious harm to the tech industry. But what about from the consumer (or business buyer) perspective? It seems likely that companies (especially) should really start rethinking how they make use of certain cloud services. There are, clearly, tremendous potential benefits from cloud providers, which is why it’s become so popular lately. But, there are certain downsides as well, and the whole concept of government access (or government demands, a la Lavabit) has really woken people up to some additional potential hazards they may not have paid close attention to in the past.

It also means that a lot of users of cloud services are suddenly reviewing their options a lot more carefully. We’ve talked about how this may be a boon for private cloud offerings, but there are still plenty of benefits to remote cloud offerings as well. But, suddenly the exact terms that are associated with those offerings, and the potential liability you might face for using those services becomes much more important. In the past, people may have grumbled about the terms of service or potential liabilities they were taking on, but the threats seemed more theoretical. That’s now changed.

Over at, Georg Greve has a good post that looks into questions that need to be asked before using a cloud service these days in light of the revelations about government snooping. For example, in the past, while many people might not have cared what country their service was hosted in, now it becomes critically important. He also highlights the importance of open source software and open source expertise — both of which provide benefits on mulitple levels, including a higher likelihood of standardization and, frankly, probably a stronger interest in not just caving to government snooping.

But the biggest one is the final point: having a way out.

Know your escape plan.

Solutions that are provided to you as fully open source have an elegant escape hatch built into them by their design. Read: You can take the entire stack and host it yourself without losing productivity or data. This backup plan protects you against legislative changes, company restructuring, and much more. The other side to this is provided by open standards.

The Takeaway: Choose solutions that have the most complete open standards approach to go with open source, because if your escape plan fails for whatever reason, there is a backup. Beware of “Open Core” offers masquerading as open source, though. Gartner called them the “emperor’s new clothes” for a reason.

Indeed. As I’ve argued a few times in the past, so many “cloud” services available today aren’t fulfilling the real power of the cloud. Instead, they’re little more than locked-in silos, where you’re stuck with that particular vendor. The switching costs are incredibly high in those cases, which may not matter when everything’s going great, but when you’re suddenly worried about the privacy of all of your users (or yourself!) these things suddenly matter quite a bit. And yet, many who are jumping on the cloud bandwagon don’t take the time to explore the amount of lock-in and what it means for their own flexibility and liability as well.

Part of the problem, of course, is that many users of cloud services just haven’t put a premium on having such control and freedoms. Hopefully, with the growing recognition of why this is an issue, more cloud providers will recognize that not locking people in, and providing more open and flexible solutions is a powerful selling point.

This post is sponsored by The Hartford.

Filed Under: , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Suddenly The Terms And Conditions Of Your 'Cloud' Service Provider Matter A Lot More”

Subscribe: RSS Leave a comment
Anonymous Coward says:

I like the idea of taking the entire stack and hosting it myself, if necessary. Frankly, I don’t trust any cloud service providers located in the United States anymore. There’s just too much risk of NSA abuses and secret FISC gag orders.

I miss the days when America was the home of the free and the land of the brave. Now it’s the land of the oppressed and home of the scared.

Ninja (profile) says:

I wonder, if there will be extra costs involved in using the cloud such as a local backup o extra loops to protect your data from snooping then I’d think it’s worth setting up your own data center. I’ve read an article recently concerning it. It was focused on the scalability issues and not in the NSA surveillance but this may be yet another reason to leave the cloud.

Anonymous Coward says:

Cloud computing is 100% hype

It’s just another worthless, meaningless fad, like “three tier client-server computing” was 15 years ago. Back then, we (my employer) were doing what would be called “cloud computing” today — but we didn’t a have a name for it, we simply thought of it as “competent, intelligence use of resources”. Now we’re doing some other things that don’t have names, but I’m sure some marketroid will cook a few up eventually so that they can be sold to a gullible, naive public. File “cloud computing” right next to “social media” and similar bullshit that caters to the ignorant and stupid.

And worse than hype: cloud computing is 100% insecure. Every cloud provider of any size has long since been served with NSLs that require them to hand over all data and/or provide real-time network taps. Heck, major ones (e.g. Amazon) probably have APIs for surveillance built in.

Cloud computing is used only by the inferior people who haven’t thought it through.

Killer_Tofu (profile) says:

Re: Re:

Until they show up at your house with professional locksmiths while you are out away. And they know when you are, because they know you address, your phone number, your phone provider, and the same info for anyone else who lives with you.

And since they have access to all other records from major entertainment and communication services, they will know exactly when you leave and most likely for how long.

They can just do a friendly drop in, copy your hard drive, and then poof back out. You need a pretty intense system to know that they were even there. Or just a non-bribable dog perhaps.

Nicholas Weaver (profile) says:

Cloud computing security

The problems with cloud computing security can be summed up in four words: “Lawyers, Guns, and Money” (with apologies to Warren Zevon, my short talk with that title).

And remember, rule #1 of Cloud Computing Operational Security if you actually have confidential information you need to protect: don’t use cloud computing.

Anonymous Coward says:

Re: Re: Cloud computing security

That’s a brilliant little document. (Typo: Amazon is experimenting with “ads”, not “adds”.)

I would add to that the near-certainty that agents in the employ of other governments and/or criminal organizations have found employment at Amazon and Rackspace and wherever. It’s a no-brainer: get your people on the inside, have them collect a paycheck from the cloud provider and a tax-free bonus from you…and then wait. Just wait.

If and when the day comes that they can retrieve specific information, or take specific action, that minimal investment will pay for itself a thousand times over.

Dirkmaster (profile) says:

A Secure Cloud Solution

is actually possible. Of course, it’s not quite as convenient as the unsafe varieties. And it probably won’t be usable on any mobile devices. You just need to ensure that all data stored in the cloud is PIE (Pre-Internet Encrypted). It has to be encrypted by YOUR PC before it’s transmitted. Any decent encryption package using a good 16+ digit truly random key will keep the NSA busy long after the data is useful.


Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...