When data is not in your safekeep ..

Udayakumar Nalinasekaren
Dec 19, 2010

It is evident now that just like your telephone service company or cable service company, there will be a service company that could lend you computing power (also called CPU/ processor/ microprocessor cycles) for free. The CPU cycles are actually not delivered to your premises. Instead you send your data to where the CPU infrastructure is located and results are sent back to you. These service providers also typically provide storage for you to store your inputs and results.

Most of us use Gmail. The e-mail we write to our friend or the one that our friend writes to us is not stored in our computer. In Gmail service which is free, some of the essential components to operate a functional e-mail service have not been paid for by you. One is the software program which sends, receives, displays and organizes your e-mail. The other is the storage space that you need to store and archive your e-mails and contacts directory. Google invests in the program, storage, the processing power and the networking gear that is required to connect to you as well as with those who you can communicate with using Gmail.

Let us for the moment concentrate on issues around data. When your e-mail data is stored in your computer, only you and those who you provide access to your computer can access that e-mail data. E-mail data consists of your contact information, the contact information of all those you communicate with, and all the sensitive private information in your e-mails. When you store this data outside your safekeep, you simply do not know who all have access to it and cannot find out if anyone is accessing it and using it without your permission. Remember, this has nothing to do with Google in particular.

Data is Sensitive

The point is, data is sensitive. When you have to send data over a network or store it in a service provider location, you have no control on your sensitive data. Recently I read somewhere that employers search for new hire profiles in Facebook as part of conducting a background check. Imagine other possibilities.

Migration for cause or convenience (Sounds legalese!)

The second point is about changing your service provider. In a mature industry, you have a choice of who your service provider should be. If one service provider sucks, you should have the freedom to switch to another service provider. Such switching should be an easy process. Switching a phone service at your home to a different service provider is usually easy and just one call away. In developed countries, nothing changes in your premises. The service providers do some magic and voila! your next month bill comes from another service provider (I can hear some of you sigh and say "I wish so!").

In the e-mail example, migration involves movement of data from one service provider to another. If you have zillions of e-mails stored in your archive, is there any way you can tell that all data have been securely migrated? How long should the outgoing service provider keep your data while you are checking? Will you pay for the holding time? Does everybody have the wherewithall to do the migration by themself?

National Security

The third point is from a national security perspective. There is a lot of sensitive social, political and strategic information exchanged in e-mails. Governments usually care a lot about what information should be inside the country and what information can be outside the country.

With the reach and speed of internet today, a service provider can keep a mail service in Timbuktoo for all they care. Assuming that the service is popular that everyone gets on to it, all the intelligence of the world gets stored in Timbuktoo under Timbuktoo government judistriction. Does not sound right at all!

To prevent this from happening, governments have policies that govern service providers who provide computing services. They are usually required to set up "in country" infrastructure. In countries with a large population base like India and China and a growing market as well, this may not pose a problem for the service providers. In places like the European Union, cloud service providers cannot acheive economies of scale because member countries have severe restrictions on data protection resulting in the need for "in country" infrastructure in each small country.