Trade secrets are your company’s most valuable assets. But what if your company’s secrets include public domain information? Does the inclusion of public domain information destroy the secret?
<< MORE >>Let's talk a little more about privacy, security and cloud computing.
I began my last blog entry by announcing that cloud computing is not a threat to privacy or security. (Nothing has changed in the past few weeks—it's still not a threat to privacy or security). I also argued that issues of privacy and security in the cloud computing arena (i) are directly connected to the quality of the contracts that govern the cloud-based transaction, and (2) will not necessarily be ...<< MORE >>
Let's talk about privacy and cloud computing. Lots of pundits believe that cloud computing spells the end of consumer privacy. Many critics say that with cloud computing, your data can never truly be safe.
I won't say those pundits are wrong——oh, wait. I will.
They're wrong. They're really wrong. And I'm going to tell you why, in detail.
Before I do, let me give you a working definition of what cloud computing is, and what it isn't.
Simply put, cloud computing is the ability to access services over the Internet without having to own or host those services on your own computer. Too complicated for you? Let me boil out the techno-lingo and put it this way: if you access it using the Internet but you never loaded it into your computer, then it's likely a cloud computing application.
Examples of cloud computing applications: Google Apps. Snapfish. Yahoo mail. Hotmail. (Have I hit one that you're familiar with yet? No? Really? Ok, let me keep going....) Twitter. Facebook. Photoshop Express. Mozy.com. BitTorrent. iContact.com.
Cloud computing is NOT a thing, or a technology, or a particular piece of hardware or software. It's a concept, an idea. It's a way of doing things—and it's the way you'll be doing things in the not-too-distant future.
Now let's get back to privacy.
Some people say that if it isn't on your local computer, you can never be sure (i) who will see it, (ii) who can take it, (iii) who can use it, and (iv) who can alter it. This argument, which I call the "Local Is Always Better" argument, can be found in virtually every attack on cloud computing's ability to keep private things private.
I've perused the Web and found some specific attacks against privacy and cloud computing—let's see how the "Local Is Always Better" argument rears its (very ugly) head in these attacks, and how your hero—that would be me—defends cloud computing against these attacks.
Attack 1 (a/k/a the "I Hate A Tough Contract" attack): Cloud computing relies on private agreements between users and cloud computing service providers. Consequently, service providers could change their terms of service with little or no notice to users of the service. Also, there may be inadequate or unenforceable remedies against providers who suffer a data breach or who misuse data in their possession.
Defense: Cloud computing is, indeed, a creature of contract. So here's what you need to do: READ YOUR CONTRACT. (Leave it to an attorney to come up with a revolutionary idea like actually reading something before you agree to it...) If you don't like the terms, then don't use the provider. For example, if the contract says, "Provider can change the terms of this Agreement without prior notice to customer," then run for the hills.
If the provider doesn't require you to accept a contract, then that's no good either. Remember: any company whose motto is, "The rules are, there ain't no rules", doesn't deserve your business.
If you don't understand the terms, then call your attorney. But you say, "I don't have an attorney." You also say, "What should I look for to know if the cloud computing contract is any good?" Great question (glad I asked it). Contact me and I'll send you my white paper, "Cloud Computing Agreements: A Primer for Consumers."
Attack 2 (a/k/a the "It's a Superstore" attack). Cloud computing applications will become monopolized and centralized in the hands of a few powerful providers, decreasing competition and attracting hackers to "high value" targets.
Defense: Cloud computing has been around for decades, and it has yet to become monopolized by any single company or group of companies. Why? Because one company can't be all things to all people. The services demanded by consumers are so varied, that any company that tried to tackle all of those services (or even most of them) would be committing suicide, and would be highly vulnerable to smaller, nimble niche players.
The argument that cloud providers would attract hackers is utter nonsense. Does Walmart attract more burglars because there's more stuff inside to steal? As long as technology abounds, hackers will be unwelcome but ever-present guests. Hackers hack; that's what they do. You don't run from hackers; you build a bigger and stronger wall around your stuff. (Hmmm, here's a thought: do you think that security solution providers have started building apps that are cloud-specific? Might the cloud virtually eliminate the need for security software on your local computer? Something to think about....)
Yes, I know that certain cloud computing applications have been hacked recently. But if you think about the number of people who use those applications, and the number of attacks that have been launched unsuccessfully against those applications, you'll soon realize that cloud computing is probably the safest way to travel along the (cliché alert!) Internet superhighway.
Ok, that's it for now. Part II of this entry is coming up in a few days, at which time we'll explore some other attacks on cloud computing's ability to keep things private.....