Suddenly The Terms And Conditions Of Your 'Cloud' Service Provider Matter A Lot More

from the pay-attention dept

Post sponsored by

The Hartford

With everything going on with the NSA and other intelligence agencies relying on being able to reach out to third parties for data, we've pointed out a few times now that this may do serious harm to the tech industry. But what about from the consumer (or business buyer) perspective? It seems likely that companies (especially) should really start rethinking how they make use of certain cloud services. There are, clearly, tremendous potential benefits from cloud providers, which is why it's become so popular lately. But, there are certain downsides as well, and the whole concept of government access (or government demands, a la Lavabit) has really woken people up to some additional potential hazards they may not have paid close attention to in the past.

It also means that a lot of users of cloud services are suddenly reviewing their options a lot more carefully. We've talked about how this may be a boon for private cloud offerings, but there are still plenty of benefits to remote cloud offerings as well. But, suddenly the exact terms that are associated with those offerings, and the potential liability you might face for using those services becomes much more important. In the past, people may have grumbled about the terms of service or potential liabilities they were taking on, but the threats seemed more theoretical. That's now changed.

Over at OpenSource.com, Georg Greve has a good post that looks into questions that need to be asked before using a cloud service these days in light of the revelations about government snooping. For example, in the past, while many people might not have cared what country their service was hosted in, now it becomes critically important. He also highlights the importance of open source software and open source expertise -- both of which provide benefits on mulitple levels, including a higher likelihood of standardization and, frankly, probably a stronger interest in not just caving to government snooping.

But the biggest one is the final point: having a way out.
Know your escape plan.

Solutions that are provided to you as fully open source have an elegant escape hatch built into them by their design. Read: You can take the entire stack and host it yourself without losing productivity or data. This backup plan protects you against legislative changes, company restructuring, and much more. The other side to this is provided by open standards.

The Takeaway: Choose solutions that have the most complete open standards approach to go with open source, because if your escape plan fails for whatever reason, there is a backup. Beware of "Open Core" offers masquerading as open source, though. Gartner called them the "emperor's new clothes" for a reason.
Indeed. As I've argued a few times in the past, so many "cloud" services available today aren't fulfilling the real power of the cloud. Instead, they're little more than locked-in silos, where you're stuck with that particular vendor. The switching costs are incredibly high in those cases, which may not matter when everything's going great, but when you're suddenly worried about the privacy of all of your users (or yourself!) these things suddenly matter quite a bit. And yet, many who are jumping on the cloud bandwagon don't take the time to explore the amount of lock-in and what it means for their own flexibility and liability as well.

Part of the problem, of course, is that many users of cloud services just haven't put a premium on having such control and freedoms. Hopefully, with the growing recognition of why this is an issue, more cloud providers will recognize that not locking people in, and providing more open and flexible solutions is a powerful selling point.

This post is sponsored by The Hartford.



Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Anonymous Coward, Aug 22nd, 2013 @ 3:29am

    I like the idea of taking the entire stack and hosting it myself, if necessary. Frankly, I don't trust any cloud service providers located in the United States anymore. There's just too much risk of NSA abuses and secret FISC gag orders.

    I miss the days when America was the home of the free and the land of the brave. Now it's the land of the oppressed and home of the scared.

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Anonymous Coward, Aug 22nd, 2013 @ 3:44am

    Re:

    Suddenly, service providers based in countries that's hostile to U.S. becomes appealing to me.

    Switzerland once was considered a good choice, but that ends when Swiss bank bends to U.S.'s order to give out account owners' information. I don't have much confidence left to that country any more.

     

    reply to this | link to this | view in thread ]

  3.  
    icon
    Ninja (profile), Aug 22nd, 2013 @ 3:51am

    I wonder, if there will be extra costs involved in using the cloud such as a local backup o extra loops to protect your data from snooping then I'd think it's worth setting up your own data center. I've read an article recently concerning it. It was focused on the scalability issues and not in the NSA surveillance but this may be yet another reason to leave the cloud.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Anonymous Coward, Aug 22nd, 2013 @ 4:21am

    Cloud computing is 100% hype

    It's just another worthless, meaningless fad, like "three tier client-server computing" was 15 years ago. Back then, we (my employer) were doing what would be called "cloud computing" today -- but we didn't a have a name for it, we simply thought of it as "competent, intelligence use of resources". Now we're doing some other things that don't have names, but I'm sure some marketroid will cook a few up eventually so that they can be sold to a gullible, naive public. File "cloud computing" right next to "social media" and similar bullshit that caters to the ignorant and stupid.

    And worse than hype: cloud computing is 100% insecure. Every cloud provider of any size has long since been served with NSLs that require them to hand over all data and/or provide real-time network taps. Heck, major ones (e.g. Amazon) probably have APIs for surveillance built in.

    Cloud computing is used only by the inferior people who haven't thought it through.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    The Real Michael, Aug 22nd, 2013 @ 4:35am

    The Hartford

    They've sponsored this post.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Anonymous Coward, Aug 22nd, 2013 @ 5:28am

    I've patented this brand new idea. I call it a 'hard drive.' It stores all of your files locally, for maximum protection.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Anonymous Coward, Aug 22nd, 2013 @ 6:26am

    rush limbagh

    Is always pushing cloud services. Cryptonyte. Uh huh

     

    reply to this | link to this | view in thread ]

  8.  
    icon
    BentFranklin (profile), Aug 22nd, 2013 @ 6:31am

    If I were the NSA/CIA, I'd set up some new "encrypted" emaila nd cloud storage services based in some other countries and see who I could get to use them.

    And since I thought of it you can be sure they did.

     

    reply to this | link to this | view in thread ]

  9.  
    icon
    Nicholas Weaver (profile), Aug 22nd, 2013 @ 8:00am

    Cloud computing security

    The problems with cloud computing security can be summed up in four words: "Lawyers, Guns, and Money" (with apologies to Warren Zevon, my short talk with that title).

    And remember, rule #1 of Cloud Computing Operational Security if you actually have confidential information you need to protect: don't use cloud computing.

     

    reply to this | link to this | view in thread ]

  10.  
    icon
    Nicholas Weaver (profile), Aug 22nd, 2013 @ 8:01am

    Re: Cloud computing security

     

    reply to this | link to this | view in thread ]

  11.  
    icon
    John Fenderson (profile), Aug 22nd, 2013 @ 9:11am

    Re: Cloud computing security

    if you actually have confidential information you need to protect


    And the odds are overwhelming that you do -- particularly if you're using "cloud" services in connection with your cell phone or tablet.

     

    reply to this | link to this | view in thread ]

  12.  
    icon
    Dirkmaster (profile), Aug 22nd, 2013 @ 9:22am

    A Secure Cloud Solution

    is actually possible. Of course, it's not quite as convenient as the unsafe varieties. And it probably won't be usable on any mobile devices. You just need to ensure that all data stored in the cloud is PIE (Pre-Internet Encrypted). It has to be encrypted by YOUR PC before it's transmitted. Any decent encryption package using a good 16+ digit truly random key will keep the NSA busy long after the data is useful.

    IMHO

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Anonymous Coward, Aug 22nd, 2013 @ 9:53am

    Re: Re: Cloud computing security

    That's a brilliant little document. (Typo: Amazon is experimenting with "ads", not "adds".)

    I would add to that the near-certainty that agents in the employ of other governments and/or criminal organizations have found employment at Amazon and Rackspace and wherever. It's a no-brainer: get your people on the inside, have them collect a paycheck from the cloud provider and a tax-free bonus from you...and then wait. Just wait.

    If and when the day comes that they can retrieve specific information, or take specific action, that minimal investment will pay for itself a thousand times over.

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    all your penis is belong to NSA, Aug 22nd, 2013 @ 1:32pm

    say no to drugs,er usa services

    lol

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Anonymous Coward, Aug 22nd, 2013 @ 6:31pm

    Re: Cloud computing is 100% hype

    "Cloud computing is used only by the inferior people who haven't thought it through"

    Correction, it's for the digital invalids who cannot setup their own secure server, for that matter any server at all :)

     

    reply to this | link to this | view in thread ]

  16.  
    icon
    Killer_Tofu (profile), Aug 23rd, 2013 @ 10:51am

    Re:

    Until they show up at your house with professional locksmiths while you are out away. And they know when you are, because they know you address, your phone number, your phone provider, and the same info for anyone else who lives with you.

    And since they have access to all other records from major entertainment and communication services, they will know exactly when you leave and most likely for how long.

    They can just do a friendly drop in, copy your hard drive, and then poof back out. You need a pretty intense system to know that they were even there. Or just a non-bribable dog perhaps.

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    ahmed sahy, Nov 24th, 2013 @ 10:37pm

    Re:

    hahaha u are so funny
    "I miss the days when America was the home of the free and the land of the brave. Now it's the land of the oppressed and home of the scared."
    love your comment dude

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This