Amazon and Wikileaks: Can we trust the cloud?
Cloud December 6th, 2010
So the recent furore around Wikileaks has got me thinking about the cloud in a slightly different fashion. I have always said that one of the big issues with the cloud has to be that you are no longer a big fish where it concerns the infrastructure that your data or applications reside upon.
If you own and run your own infrastructure then you are the biggest fish around when it comes to safeguarding the integrity of your applications and data. It only takes the CEO to say ‘Jump’ once and everybody in the IT department starts asking ‘how high?’.
If you are a tenant on a shared service in the more traditional sense you may still be the biggest customer and you still may find yourself in the driving seat.
If we start to look at the biggest providers of all, namely Amazon and RackSpace, you are no longer a big fish in fact you will in all probability be a minnow. Amazon have kicked wikileaks off its servers in response to political pressure, using violation of their Terms of Service as an excuse.
This is the relevant section from their ToS:
11.2. Applications and Content. You represent and warrant: [...] (iii) that Your Content (a) does not violate, misappropriates or infringes any rights of us or any third party, (b) does not constitutes defamation, invasion of privacy or publicity, or otherwise violates any rights of any third party, or (c) is not designed for use in any illegal activity or to promote illegal activities, including, without limitation, use in a manner that might be libelous or defamatory or otherwise malicious, illegal or harmful to any person or entity, or discriminatory based on race, sex, religion, nationality, disability, sexual orientation, or age;
This seems to be needlessly vague and could, in fact, be made to apply to any client. So what is being made clear is that if you use the cloud, you can be kicked off the service on a corporate whim. The fact that you are now a minnow means that there is no longer any pressure on the hosting organisation to care about you at all.
This does not just apply to highly politically controversial sites, it means if porn or nudity rules are tightened, childbirth or anti-rape sites, or the Scunthorpe tourist board could be taken down. It also doesn’t just apply to accidental inclusions, any change of the ToS could mean that you no longer qualify to use the service.
What does this mean? Well I’d say the old adage of if your data doesn’t live in three places it doesn’t exist might well apply here. ie use more than one cloud provider and duplicate your data.
The trouble is, if you use the above theory, it completely negates one of the big cloud advantages: Their backup, uptime and data retention policies to ensure the safety of your data are world class so you don’t have to bother.
Whatever the politics around Wikileaks, the willingness of the biggest provider to so publically drop a client, with no recourse, has to make everyone think again before moving into the cloud.
December 9th, 2010 at 8:31 pm
I don’t think everyone will “think again”; if they’ve thought through what moving their data from their own network to a service hosted by a third party it should be one of things considered. Where is that data to be hosted, what are the data laws of your country with regards to holding types of data offsite; what are the laws of the country hosting the data services? Along with – what are the SLA levels you sign up to; what penalties can be imposed for failing to meet them, and how are they measured and monitored.
What it also highlights, I think, is that data is a powerful commodity. Losing data is not like losing a server, or a laptop: restore from backup sometimes (as here) doesn’t apply. Oddly, there is a big song and dance about the presenting of this leaked information – but its all quiet on the western front about “how”. Wikileaks may have published this data, but how was it removed in the first place? In an organisation emphasis is put on protecting the boundaries to the Internet & other networks – but users access to data, and how they can then move that data around is often unchecked. As companies move towards delivery models where users have their own devices, they work remotely, they share information – how are you ensuring that sensitive and important information doesn’t just wander off?
The US may well be flexing their muscles to ensure that the Assange is demonised, but where is it kicking off that the US’ data-management is apparently inadequate?
July 4th, 2011 at 6:46 pm
world maps 2008,