Is it time to start the big cloud freak-out?
My friend Rita Ashley, proprietress of Job Search Debugged, pointed me to a new service that’s about to launch called LifeStreamBackup.com. Its idea is to help you back up your data living in services like Flickr, through the use of Amazon S3. Rita was wondering if identity professionals would look askance at this approach, where your personal stuff gets saved and propagated…elsewhere. And now the Google GDrive rumors are heating up again, which raises similar issues.
(As of a few days ago, the LifeStreamBackup offering seemed to require you to give it all your passwords to those other services it’s backing up — that’s another eek right there, though I don’t mean to pick on them exclusively. That mention has disappeared; maybe they’re feverishly working on OAuth support?)
Jason Scott thinks it’s nuts to count on others to store anything you really care about, and says so in his delicate and nuanced way in a post called F*** the Cloud. He’s a digital historian, has saved lots and lots of data from extinction (he’s got a great new effort for doing more of that), and knows whereof he speaks.
On the other hand, as Jason points out, outsourcing data storage predates the Big Cloud Concept, and I don’t think we’re going to go in the direction of hoarding more data under our figurative mattresses rather than less. What assurances can we build in to ensure safe storage and protected sharing of hosted data? Jim Kobielus has a long and thoughtful post saying federation and federated identity need to permeate cloud architectures to solve this properly. I think he’s right.
Since this post has turned into something of a link roundup, I’d be remiss if I didn’t point to Hubert Le Van Gong’s note about the paper he, Susan Landau, and Robin Wilton authored on the subject of achieving privacy in an environment where identity data is being flung around with great force.
Federating, distributing, coupling systems loosely…the basic concepts aren’t new, just the degree of sophistication we’re finally achieving — and maybe the degree of risk.
Eve, Thank you for covering this topic and providing important links. One link suggested we take personal responsibility for back up of our out data.
My policy has always been to have a partition on my hard drive for back up, a second mirror drive and a “500 Gig notebook” drive. I recently discovered my notebook has a failure rate of about 75% after 2-3 years AND there is no way to repair it or retrieve the data. Research says this is not uncommon for external drives. What’s a Luddite to do???
Lost in cyberspace….
It is nuts to count on institutions that have no commercial relationship with you, but then it’s nuts to count on your suppliers (you may be able to sue, but they can’t get your data back once they’ve lost it) or even yourself (the burden of my comment at Jason Scott’s post).
Rita– If you look at Jason’s solution (shared in his comment thread), it looks like you’re definitely asking the right question! The answer can be found in the Dept. of Redundancy Dept.
John– I’ve had people in big IT shops tell me that SLAs are kind of hope-for-the-best anyway for this reason. And if you sue them, you might have a “waiter spitting in the soup” problem thereafter as your relationship with them deteriorates.
I make quite a lot of use of dropbox (www.getdropbox.com) – a sync and share solution which I think has S3 as its backend.
Although they highlight their security, I take the added precaution of storing data there inside a truecrypt drive (www.truecrypt.org).
Since I have three computers linked to this sync and share services it effectively means I get three copies of this cloud data.
I took a look at dropbox some time ago, and it looked very elegant. Just be aware that the terms of use currently state, “You acknowledge and agree that you should not rely on the Site, Content, Files and Services for any reason” — and if they made promises beyond that, you probably shouldn’t trust those promises. :-)
(Again, I’m not picking on any one service, just pointing out the reality…)
re: terms of use, agreed, however like I said, I take care of my security, and the redundancy means I lose nothing if it goes away.
I think a lot of the anti-cloud sentiment is over blown, most “ordinary” (not tech) folk I know make no backups of their “local” machine whatsoever, how much data has been silently lost and dogs kicked because of this. With regard to data archiving I think more “average users” will gain from the cloud than will lose from it, however, I’m less sanguine about data privacy.
All good points…
This weekend my husband and I helped non-techie friends recover email they had accidentally hard-deleted. It turned out buying a speciality recovery program was a viable option both technically and cost-wise, and they got nearly everything back. But they would be hosed in a major disk crash – no backup strategy at all.