Consultant Bernard Golden has some intense reactions to my recent piece in the New York Times on cloud computing. In it I shared some basic worries-and one advanced worry-to be dealt with. I'll boil them down a little further here.
The basics: privacy, security, and data portability. When your data is in someone else's hands, it's given less protection under the law than if it were on your hard drive. E-mail in Outlook is given more protection from government surveillance than e-mail at Gmail. That's an unfair tilt in the playing field against cloud enterprises, and the law ought to be fixed.
Remotely stored data can have less protection in practice, too, since client-server communications aren't always encrypted. We know how to fix that, too: companies that offer remote services ought to have secure communications built in, and many already do. This can be particularly helpful when a service's customers are located in places governed by authoritarian regimes. Why make it easy for the Iranian government to spy on its people? And user error can be magnified when everything's online: compromise a password and the bad guys get into all your stuff. Your PC can be prone to malware-I have a chapter devoted to that issue in the book-but spilling your one-for-all password much more readily compromises your online data than your PC data. Absent malware, hackers need physical access to your machine to use your password against you. But even without hacking the Yahoo! server they can be anywhere in the world and still get your Yahoo! mail if they've got the password.
[For timely cloud computing news and expert analysis, see CIO.com's Cloud Computing Drilldown section. ]
Finally, data portability: your data can be difficult to extract from some of the most popular online platforms, making it difficult to cast a vote with your feet and move to a new provider if you're not satisfied. This is especially true for social networking sites like Facebook.
Mr. Golden's reply on privacy is agreement: he thinks it will be "the cloud issue in the future."
On security he thinks it's your fault for losing your password, so don't blame the cloud. That's like saying it's your fault for sliding off the road in rainy weather-don't also blame a car manufacturer who, say, not only neglected to put in seat belts, but also placed an ornamental spike on the steering wheel. We can agree that people should have better password practices, but we know so many won't. That's why it's important to better secure data in the cloud. Passwords are convenient, but for anything truly sensitive we can do better-as banks are slowly starting to discover as they react to so many successful phishing attacks against their customers.
On securing data communications, Mr. Golden says that doesn't really count as a cloud problem. Much depends on how you define "cloud," and that's been a surprisingly difficult task. More on that later-it's true, I define it quite broadly, and I'll explain why.
On data portability, for which I'd used Facebook as an example, Mr. Golden says that some sites have APIs through which data can be extracted, and for many of the rest it doesn't matter much, since "social sites are a transitional phenomenon anyway." (I'm curious: transitional to what?) I disagree with that prediction, and crystal balls aside, social sites are a huge phenomenon right now-at least in the mainstream consumer space rather than the enterprise environment. People share their lives through them: photos, videos, news, relationships. How to let people manage their data within them, not simply what they submit themselves, but also "mouse dropping" data like the stuff that can routinely appear in their news feeds as they act elsewhere on the site or in the world, and data that implicates their relationships with their friends-this is a nuanced question. Facebook says that its barriers to quick data extraction can help protect the privacy of your friends as against you, and maybe they have a point. The issue really deserves analysis, not dismissal. The groundwork for treating private data is being laid now-much of the most interesting dialogue in this space happens when Facebook makes a privacy or rights change in its terms of service.