♫ ‘cuz I don’t wanna come back down from this cloud
it’s taken me all this time to find out what I need… ♫
Lyrics, music and recorded by Bush.
It seems these days that virtually everyone is jumping on the cloud computing bandwagon. However, while the cloud offers a great deal especially to the solo and small firm lawyer, there are considerations to take into account prior to moving to the cloud. Here is a selection of ethical and practical considerations in cloud computing illustrated by real-life examples of turbulence felt in the cloud:
What if the cloud provider goes down?
Can’t happen? Just ask any of the businesses that used Amazon cloud services. The New York Times in an article by Steve Lohr on April 22, 2011 detailed the issues that Amazon’s 4 day outage created:
As technical problems interrupted computer services provided by Amazon for a second day on Friday, industry analysts said the troubles would prompt many companies to reconsider relying on remote computers beyond their control.
“This is a wake-up call for cloud computing,” said Matthew Eastwood, an analyst for the research firm IDC, using the term for accessing services and information in big data centers remotely over the Internet from anywhere, as if the services were in a cloud. “It will force a conversation in the industry.”
That discussion, he said, will most likely center on what data and computer operations to send off to the cloud and what to keep inside the corporate walls.
But what to store in the cloud and what to keep on the home office is but one of the issues raised by the Amazon outage.
[A]another issue, Mr. Eastwood said, will be a re-examination of the contracts that cover cloud services — how much to pay for backup and recovery services, including paying extra for data centers in different locations. That is because the companies that were apparently hit hardest by the Amazon interruption were start-ups that, analysts said, are focused on moving fast in pursuit of growth, and less apt to pay for extensive backup and recovery services.
While one of the appeals of the cloud is a reduced need to concern oneself about the details of the computing environment, it seems that the Amazon failure has led to considerations of ‘computing insurance’ or in other words, having your cloud services on multiple data centers for the purposes of redundancy and resistance against failure.
Perhaps the last word on the Amazon situation is left to a competitor of Amazon’s cloud services, Lew Moorman, hief strategy officer of Rackspace:
The Amazon interruption… was the computing equivalent of an airplane crash. It is a major episode with widespread damage. But airline travel, he noted, is still safer than traveling in a car — analogous to cloud computing being safer than data centers run by individual companies.
What if the cloud provider goes under?
Can’t happen? Ask the users of RedGorilla – and others. In an article from Dec. 7, 2000 by Melanie Austria Farmer in CNET, she looked at early cloud providers (called ASPs at that time) such as Red Gorilla:
When Red Gorilla swung into the application service market, companies rushed to take advantage of its free services. A year later, clients trying to tap into their time and expense software programs got error messages instead: Red Gorilla had abruptly ditched the application service provider (ASP) jungle in October, leaving its clients hanging.
“Our billing cycle was coming to a close…I sent an email to (Red Gorilla) user support, and it bounced back,” said former Red Gorilla customer Pam LaFollette of Kinetic. “That’s when everyone got real pale.”
Red Gorilla, which handed off its clients to another ASP, is not the only company in the new and volatile ASP market to shut its doors. On Thursday, HotOffice.com announced that it would close down December 19 because of the harsh market conditions and referred customers to another ASP. In July, Pandesic, an older ASP formed between technology giants Intel and SAP, closed because it was not on a timely road to profitability.
In what could be an errie forecast of the future of the current ‘freenium’ cloud services, it is stated in Farmer’s article:
Red Gorilla also offered clients no-cost service, hoping to make money by luring them to other subscription-based applications. All the while, the company was burning through their venture capital and could not secure additional funds.
I guess in the freenium world, you get what you pay for….
What if the cloud provider gets hacked?
Can’t happen? Just Ask McDonalds…
Security Dark Reading reported:
McDonald’s said a database containing customer email addresses, birth date information, and phone numbers was compromised when its third-party database firm was discovered to have been hacked. McDonald’s was contacted by Arc Worldwide, a firm that handles McDonald’s marketing and other promotions, that customer information from some of its websites and promotions had been breached via a hack of a firm that handled the database of McDonald’s customer emails. Silverpop reportedly was the breached firm in question, but the companies won’t confirm or deny the relationship on the record.
There seems to be an aura of invincibility regarding the security of cloud providers. However, while cloud providers may build in excellent technical security, I don’t see why they are not just as susceptible to phishing attacks and other attempts that aim at the human parts of the operation as any other organization.
What if the cloud provider just doesn’t want to offer the service anymore?
Can’t happen? Ask the users of Quicken Online…
In an article by Kristen Nicole in InfoBoom, it is set forth:
Just because it’s in the cloud doesn’t mean it will always be there for you, despite the best of intentions. Intuit’s Quicken Online has been shut down today, as expected. What’s missing, however, is a replacement tool. Originally slotted for Mint.com, the personal finance management tool Intuit acquired last year, Quicken Online users are now left with nothing at all.
One would think from listening to the cloud providers that even if a cloud provider went under, a user would be left with their data in a ‘standard format’ that could be ported into yet another cloud provider. Unfortunately for the users of Quicken Online, this wasn’t the case. It was expected that Quicken would provide a path to its other financial cloud offering Mint.com.
Q. Can I transfer or import my Quicken Online data to Mint.com?
A. No. After careful consideration we made the decision to not transfer or allow customers to transfer their data from Quicken Online to Mint.com.
The cloud providers also claim to listen to their subscribers. However:
One very upset customer asked Quicken to “at least wait until the end of the year so that people can have a complete year’s worth of financial records for tax purposes? I know it’s free, and I know you don’t necessarily “owe” anyone anything, but shutting down the product before the year ends is just a really bad idea, and basically tells consumers “Our product wasn’t worth anything anyway, and you probably shouldn’t use Mint.com either, because the same thing might happen with your data.”
Quicken online is a financial cloud product. Just imagine if a lawyer was using it for general or trust accounting…
What if the cloud provider wants to look at your data?
Can’t happen? Look at Amazon’s Cloud Drive’s user agreement:
In an article by Steven J. Vaughan-Nichol, March 29, 2011 in ZDNet, it is set forth:
The new Amazon consumer cloud service also works well. It’s just too bad that you have to give up all privacy to use it.
Don’t believe me? Read the Amazon Cloud Drive Terms of Use for yourself. In particular, take a glance at: Section 5.2:
“5.2 Our Right to Access Your Files. You give us the right to access, retain, use and disclose your account information and Your Files: to provide you with technical support and address technical issues; to investigate compliance with the terms of this Agreement, enforce the terms of this Agreement and protect the Service and its users from fraud or security threats; or as we determine is necessary to provide the Service or comply with applicable law”
To be fair, Amazon’s Cloud Drive is aimed at online music storage and that may raise particular copyright issues – they may not wish to be accused of somehow assisting people to break copyright law. But how many people read those ‘click through’ service agreements that every cloud provider has and what is in each of them? As Steven J. Vaughan-Nichol states in his concluding paragraph:
Nice try Amazon, but you’ll excuse me if I don’t give you the right to access, retain, use and disclose my account information and my files.
I know that once people move to the cloud you don’t want to come down. Accordingly it is vitally important to take the time to find out what you need to know regarding the potential problems of being in the cloud.
(Hat tip to Joseph Kashi and Dan Coolidge, two lawyer technologist friends who provided references and ideas for this article).
This entry was posted on Monday, May 2nd, 2011 at 2:00 am and is filed under Issues facing Law Firms, Law Firm Strategy, Leadership and Strategic Planning, Technology, Tips, Trends. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.4 Responses to “Turbulence in the Clouds”
May 6th, 2011 at 4:02 pm
Greetings:
As a follow-up to this article:
Cloud Storage Spurned By Fortune 1000
Concerns about costs, speed of data retrieval led 87% of enterprises surveyed by TheInfoPro to dismiss the technology for archive and backup.
By Chandler Harris InformationWeek
May 05, 2011 12:08 PM
When it comes to cloud-based storage offerings, most enterprise-class companies are not interested, even for the lowest tier of data for archiving purposes, according to a survey of 247 Fortune 1000 corporations.
The survey, by 451 Group division TheInfoPro, found that 87% of those surveyed had no plans to use cloud storage as an archive or lower tier. Even small and midsize businesses weren’t interested in cloud-based storage, with about the same 90% feeling apathy toward the technology, said Marco Coulter, TheInfoPro’s research director of storage.
There are plenty of cloud services, but many rely on virtual processes running on shared systems. Stratascale’s Ironscale lets you provision bare metal services. Mike Fratto provides a hands-on review of how it works and what you can do with it.
“It doesn’t make sense for (the surveyed respondents) to separate their computers and storage, and have the computers internally and storage externally,” Coulter said in an interview. “Even for archiving data they were concerned they couldn’t retrieve their data in time.”
The findings reflect the same lack of interest that has forced Iron Mountain, EMC, and Vaultscape to close their storage-as-a-service offerings over the past couple years..
You can read the full article at:
http://www.informationweek.com/news/storage/data_protection/229402850?cid=RSSfeed_IWK_All
Cheers,
Dave
May 13th, 2011 at 12:28 pm
[…] for the Law Society of British Columbia, pointed out in a blog post recent entitled Turbulence in the Clouds, there are problems with reliability, availability, security and privacy. And the more you use the […]
May 16th, 2011 at 11:24 am
Dave, thanks for the article. Here is a link another one from The Lawyers Weekly that also warns of the risks:
http://www.lawyersweekly-digital.com/lawyersweekly/3103?sub_id=yaRVQ4SCdcIJ
May 25th, 2011 at 9:10 am
Greetings:
Here is a good article by John Dvorak of PCMagazine dated May 16, 2011:
http://www.pcmag.com/article2/0,2817,2385463,00.asp
“The Cloud: Risky, Unreliable, and Dumb”
John states:
“I’m not saying the cloud isn’t viable. I just think it’s risky, unreliable, and dumb for many uses.”
Good analysis from a risk-management perspective.
Cheers,
Dave