NIL cloud trust

I have talked about the issue of data center security in my previous blog posts and described that data centers of global IT cloud providers are built to last and can and will withstand just about anything – hardware, software and security wise. The only notable issue remaining with them is therefore trust related.

My work requires me to talk a great deal. But when it comes to the cloud it seems the majority of talks head in the same direction. It doesn’t really matter if we discuss local or global cloud providers; we always end up discussing the issue of security. But in the end we always come to the issue of trust and not security. Do we trust the cloud provider that our data will be secure, not tampered with, available and that it won’t get lost?

Do we trust the cloud provider that we can get the data back (in some readable form) and we can move it somewhere else if we are not satisfied with the provided services? One has to have an exit strategy, right? In these talks I always remember the Alan Ford comic where a signs in cinema says: “free entry, you only have to pay to exit”. It could be a pretty accurate representation for the whole data-in-the-cloud business as well.

There is no free lunch

In general there are two types of cloud providers. Those who offer “free” services and those who charge you for them. But the ones offering free services have to make money somehow. Usually they try to make bank with data processing and analytics combined with selling their users' profiles to advertisers. Even so, some of them don't survive and close shop. I have seen it all over the world – some email or data backup service going out of business since its provider couldn't even pay the electricity bill anymore. So the “life expectancy” of a service is much longer when it comes to cloud services that one actually pays for (and not with its clients' own data).

Marriage like bond

When you trust somebody, the bond is strong – like with all great friendships and marriage.

Why do we even have trust issues when it comes to cloud services?

Let’s compare them to the operating system providers: just about all users of Windows and Linux distributions trust them 100%. They have total faith that the patches and upgrades the provider distributes will work flawlessly. Even though these patches and upgrades could effectively change the entire OS behavior, and we would know nothing about it. In the OS world trust is obviously not the issue. So, why does it show up when we want to move OS's, applications and/or data to the cloud?

I don’t know – it’s irrational.

Even more so when we think about the cloud services we use in our private life – many users use OneDrive, Gmail, Hotmail, Google Docs, Picasa and several other services on daily basis. And we more or less trust them, right?

How does one establish trust?

There was a lot of head scratching going on at Amazon, Google, Microsoft and other companies when this question was presented. The giants have taken the following approach: certificates. They certified their data centers and services for just about anything business related. So we are confident it works, that it’s safe, etc.

This is pure logic. How many certificates does your server's room have? One, maybe two? Local cloud providers will feature a great deal more, coupled with some ITIL practices. But when it comes to global providers, the list goes on and on and on. Their data centers feature so many certificates we cannot even envision getting and maintaining, as we don’t have sufficient time, money, knowledge and willpower.

I’ve been to Microsoft’s global data center. Believe me – the physical and digital security measures are truly something else. You won’t see such a strict approach and rules in banks and treasuries. Internal and external staff are separated, data protection measures of incredible scale, electricity guaranteed by several redundant solutions/providers. I am pretty sure Amazon and Google adopt a similar “nothing is left to chance” approach in their data centers.

Fear not

Your data in the cloud – as long as you stick with big names in the IT-business – is safe and sound. Nobody is poking around with it either. Just think about how many global corporations use SalesForce CRM to handle their most precious data (clients, contracts, etc.). And, as Larry Ellison said (probably more than once), “It is only a spreadsheet in the cloud.”

I am sure that your data are in general actually safer in the cloud than they are in the box in your company’s basement. Trust me!