Where Is My Data? Is It Safe? Can I Move It?

Udayakumar Nalinasekaren
Dec 23, 2010

Now we understand the different types of cloud applications. We also understand that Cloud Computing is a bidirectional process and we need to transmit and receive data to be able to leverage a cloud based computer. Some of this data could be stored on the cloud as well.

Let us concentrate on data now. In the earlier post, we saw that data for the individual could be private, secret, and sensitive. For enterprises it could be highly confidential. What are some issues around sending, receiving and storing data in cloud computing?

No Control On Who Can See Our Data

Unless you choose the right transmission technology, your sensitive data traveling on the wire to and from the cloud computer can be seen by all. It could be your bank account number and balance information that is traveling on the wire. If transmission is not properly secured, you are doing the equivalent of advertising that information on the back of a public transportation vehichle. Fortunately for us, in this matter, today's cloud applications offer adequate security and safety almost automatically.

Next is about data storage. When you store data in a cloud computer, unless you choose the right protection technologies and/or service plans, you have no control on who can see your sensitive data. Recently I read somewhere that potential employers search for new hire profiles in Facebook as part of conducting a background check. Imagine other possibilities.

How easy is it to move my data around in the cloud

Do you store your valueables in a bank locker? Subsequently, when you need access to your own valuables, it is not as easy as opening a vault in your home and taking stuff out. You need to follow a lengthy procedure, adhere to bank timings and so on. Secondly, the locker service has a time bound contract. If you want to move locker services to a different bank, you will consider the terms of the contract before doing so. Otherwise, you will lose money. Storing data on the cloud has similar issues.

In any mature industry, you will have the choice of who your service provider should be. If one service provider sucks, you should have the freedom to switch to another service provider. Such switching should be an easy process. Switching a phone service at your home to a different service provider is usually easy and just one call away. In developed countries, nothing changes in your premises. The service providers do some magic and voila! your next month bill comes from another service provider (I can hear some of you sigh and say "I wish so!"). Switching the cloud operator is not yet such a simple process.

Take e-mail for example. Migration of that service from one operator to another involves movement of data as well. First of all, you will not get the same e-mail id. If you have zillions of e-mails stored in your archive, is there any way you can tell that all data have been securely migrated? How long should the outgoing operator keep your data while you are checking? Will you pay for the holding time of your outgoing operator? Does everybody have the wherewithall to do the migration of data by themselves so that a third person does not ever touch that data. i.e are they technically savvy to do so?

National Security

The third point is from a national security perspective. There is a lot of sensitive social, political , economic and strategic information exchanged in e-mails. Governments usually care a lot about what information should be inside the country and what information can be outside the country.

With the reach and speed of internet today, a service provider can keep a mail service in Timbuktoo for all they care. Assuming that the service is popular that everyone gets on to it, all the intelligence of the world gets stored in Timbuktoo under Timbuktoo government judistriction. Does not sound right at all!

To prevent this from happening, governments have policies that govern service providers who provide computing services. They are usually required to set up "in country" infrastructure. In countries with a large population base like India and China and a growing market as well, this may not pose a problem for the service providers. In places like the European Union, cloud service providers cannot acheive economies of scale because member countries have severe restrictions on data protection resulting in the need for "in country" infrastructure in each small country.