Recently Steve Wozniak, who co-founded Apple with the late Steve Jobs, predicted "horrible problems" in the next five years as cloud-based computing moves into the mainstream. He was recently quoted as saying:
"I really worry about everything going to the cloud. I think it's going to be horrendous. I think there are going to be a lot of horrible problems in the next five years."
Mr. Wozniak went on to describe how data in the cloud will belong to the cloud provider and the individual will lose ownership of their own content, but it is more complicated than that. In my previous article, I outlined that cloud providers must enhance their security controls, but this is not just about controlling the security for access to content online.
Most cloud providers are able to reduce cost and increase operational efficiency by storing data across multiple servers and disk arrays. These same servers are used for all customers, meaning that your data is stored on the same server as that of thousands of other clients. Most providers use database-configured controls to ensure each client has access only to their specific content. In practice, this design works well and is very effective. Of course, this design also makes it very difficult to return all content should you leave the provider, and as with anything, there is always the chance of a glitch.
The risk of a glitch is not what scares me. In 15 years I have only seen this type of issue occur a handful of times, and the exposure to clients has been minimal. What really concerns me is what happens when the hardware is upgraded. In 15 years of dealing with Fortune 1000 clients I have never been asked, "What do you do with outdated hardware?"
The reality is that this equipment has content stored on its hard drives. Unless the drives are physically destroyed or wiped in a manner that prevents recovery, your data can be reassembled. The other question you have to ask is what companies do with their outdated hardware. Many companies sell it on eBay, so you have no idea who just received potential access to your data. I have never seen an executed cloud-based contract that outlined the policy for hardware retirement.
For example, are you notified when servers containing your data are replaced? Are you informed how they are being decommissioned? Are you made aware of who properly destroyed the equipment, and when? I am not implying cloud providers are not handling security properly, but I do believe enterprises have to begin to demand more from their cloud providers and insist on audits, notifications and penetration testing; otherwise Steve Wozniak's prediction will become our reality.
