Should We Trust the Cloud?
By: visrod • Research Paper • 1,253 Words • April 23, 2011 • 1,331 Views
Should We Trust the Cloud?
Should We Trust The Cloud?
Introduction
This review will first describe the exciting new technology known as ‘The Cloud'. It will then identify the key risks associated with its use, and finally, will summarise whether the cloud should be trusted by the companies and individuals who use it.
Review of Literature
The cloud is a new trend in computing which usually involves users accessing remote internet server based data and software programs through a web browser. Typically, these resources are provided by organisations that have the ability to dynamically scale the level of service provided to the customer and involve some big players such as Microsoft, Amazon and Google (Kambil, 2009).
Users have generally known where their data resides. Typically, the location would be, either on-site, or at a specific remote location, such as a data centre. However, Edwards (2009), points out that the cloud can split a customer's information over different servers, even in different countries. This is likely to make users feel uncomfortable and not in control of their files, so it is important to choose a reputable provider who will inform the customer where the data will be held. Thurman (2008) raises a further, but related issue which is "co-mingling". It is quite conceivable that, when scalability and cost savings are the main drivers, one organisation's data might mingle with another's on the same server. That might not matter too much with some data, but what if it includes medical records?
The applications which can be ‘vaporised' to the cloud should be considered on a case by case basis. There is consensus from Waxer (2009), and Damoulakis (2009), that straightforward document archiving is ideally suited to the cloud. Effectively, this is what we do when we put our photographs on Flickr.com . Most companies have huge
Flickr.com is a cloud based image and video hosting website. Its primary use is as a popular website for users to share personal photographs.
amounts of data which they store simply because they don't know how to go about getting rid of stuff they no longer need, and they are ideally suited to cloud use
Conversely, it probably wouldn't be a good idea for an organisation to use the cloud to store the detail of its plans to take over another company.
The risk of being locked into a single provider is an issue highlighted by "Clash of the Clouds." (2009). Will you be able to get your data if you want to move? What format will the data be in? Good providers are using open standards which should make moving easier, but until these are established across the industry there is a risk of being stuck with a provider who is not giving the required service and, or, price. So great is this issue, that a company named ‘Cloudkick' has formed with the specific aim of helping customers to move provider (Naone, 2009).
Disaster recovery has usually been practiced in-house where a ‘dummy' disaster is recovered from periodically, but how would you know the provider has an effective plan? Waxer (2009) recommends checking the provider offers sufficient backup alternatives. Leading companies must be able to demonstrate that they can shut down servers in one location and continue seamlessly from another with both the customer's data and applications. Indeed, Morgan Stanley regularly performs such tests (Crosman, 2009).
Security of data is paramount to most organisations. If the data is local, the user usually has a feeling of greater control. If the information is with a cloud provider, how does he know who has access to it and what security measures are in place? Zielinski (2009) describes a number of instances where security has been breached and it is interesting to note that it may be the cloud customer, rather than the cloud provider, who faces prosecution for data loss. Also, what happens if the state demands access to sensitive data being held in the cloud? The provider is likely to hand over the data with little fuss, whereas, if the data resided with the owner, there may have been a legal challenge to stop the data leaving the user (Hayes, 2008). It would seem logical to expect a provider's security processes to be externally audited. Doing so would increase the likelihood generic standards in this rapidly emerging industry. Edwards (2009) also suggests that all data should be encrypted so that it can't be read by anyone else. Arguably the most extreme commercial examples where data security is concerned are those industries which are regulated. It is interesting that the USA data protection laws are much