Bruce Schneier has a series of articles that ponder the risks and rewards of jumping into cloud computing. That is the concept of storing your data and computing power with an on-line service provider.
(This discussion is cross-posted from my other blog, Nonprofit Update, because the same issues apply in a CPA firm. You may find this discussion helpful for your clients who are pondering a jump to the cloud for major applications.)
Some things to consider:
6/10 – Schneier on Security – Should Companies Do Most of Their Computing in the Cloud? (Part 1) – The answer is complicated. The efficiencies and cost savings are real and a major advantage.
On the other hand, there may be legal issues, such as your government creates far higher privacy standards than the country where your data will be stored or another country places severe restrictions on data you store there.Or some governments (i.e. the U.S.) make is exquisitely easy to turn over your data to any governmental agency that has a whim to take a peek.
Major risk that I see, which doesn’t get much attention, is what happens if your vendor suddenly goes out of business. The strongest conceivable contractual commitments do you no good when the vendor turns off their server farm. Collecting on a claim in bankruptcy a year from now is useless when all your data disappeared.
Then there is the risk you trip across some obscure trivia in the vendor’s term of service you didn’t know about. Your vendor can make a unilateral, unappealable decision to close your account. The first thing you will know of a problem is when every bit and byte of your data disappeared.
6/10 – Schneier on Security – Should Companies Do Most of Their Computing in the Cloud? (Part 2) – Article points out different approaches of students at Harvard, who store every last piece of their personal documents online, with Mr. Schneier, who stores all his personal documents and information on his systems.
Reasons? The same decision he faces as an individual is the same decision companies have to make:
- Control over the data – who can get to it?
- Security – He thinks he can do a better job than the cloud systems.
- Trust – He has not trust that large corporations won’t sell his data as their intended business strategy or turn it over to any government agency or employee that has a whim to see it.
He does think that the benefits of cloud outweigh the risks overall. Just not for him personally.
6/10 – Schneier on Security – Should Companies Do Most of Their Computing in the Cloud? (Part 3) – Article provides an exquisitely brief survey of the long list of reasons why cloud computing is not trustworthy.
You don’t know whether your provider is actually taking security seriously or not. You don’t know how extensively your provider is selling you to others. You don’t have any idea how much of your data or how frequently your data has been turned over without your knowledge to which federal, state, and local government agencies. All the while, you are legally liable for any breach of your data.
Article says the level of trust we have in cloud providers is going to have to increase dramatically before cloud use really takes off. The necessary trust just isn’t there today.
There are some of the things to ponder as you consider launching all your mission critical files out to the cloud.