
Cloud Talk

Andre Yee

Can We Trust Cloud Computing? Discussing the Risks


We live in a world of contrarians, don't we? Just when the cloud computing party is getting started, there are naysayers crashing the party and raising issues about the risks of cloud computing.

I thought I'd open up a discussion on some of these risks - it's not a comprehensive list by any measure but it'll get us started.

Data Loss - Some of us are so accustomed to the idea of in-the-cloud applications and services that we can overlook this risk. Then something like this happens - Ma.gnolia, a web bookmarking service, encountered a legitimate crisis a couple of days ago - data loss/corruption. The service is now offline - users are unable to retrieve their bookmarks - time to recovery is unknown.

I know, bookmarks...sounds pretty trivial, doesn't it? Yet every day, businesses worldwide entrust some measure of their operations (and data) to SaaS applications and other "in-the-cloud" services. Do you know whether your SaaS vendor has backup/recovery policies in place? Have these been audited by an external 3rd party?

Security - Two big dimensions of security are introduced in the SaaS/cloud computing model that are markedly different from an on-premise application. First, control over user access/privileges to your application has been extended to your SaaS provider. As such, you'd better find out who has access to your application. If they can't tell you, assume everyone in the company does! Second, protection against network- and host-based attacks. In my experience, most SaaS vendors are more knowledgeable about security than a typical small business, but compared to the security standards of a larger enterprise, many SaaS vendors fall short. Of course they run a firewall, but does your SaaS vendor really "get" security? Do they run an IDS? What about corporate security policies?

Compliance - Taking certain types of data (example: financials) off premise may open compliance/regulatory issues. I'm not an attorney, nor do I play one on TV, but Bernard Golden raises the compliance issue in this (warning: long) article. Here's an excerpt -

"Most companies operate under risk constraints. For example, US publicly traded companies have SOX disclosure legal requirements regarding their financial statements. Depending upon the industry a company is in, there may be industry-specific laws and regulations. In healthcare, there are HIPAA constraints regarding privacy of data. There are other, more general requirements for data handling that require ability to track changes, establish audit trails of changes, etc., particularly in litigation circumstances."

Loss of Control Issues - Richard Stallman, founder of GNU, claims that the use of cloud computing services and applications is "worse than stupid" because it'll lock users into proprietary systems. He particularly cautions us against big players like Google, Microsoft and Amazon. In my opinion, his comments have a conspiracy theory flavor, but the issue of control and privacy is something to consider.

It's my belief that the significant benefits of cloud based applications and services outweigh the risks. But every business is different, with different risk parameters.

What do you think - can we really trust cloud computing?



I think that it will end up in some bad totalitarian type world where everything is not your own and you have nothing left to call your own. Get it straight, man, there are only bad things that can come of this revolution. Even in a good cause, absolute power corrupts absolutely. Do not forget the history of Napoleon's Europe, the National Socialist German Workers' Party Nazis or the USSR Totalitarian Communists; they all came out of good intentions but ended in bad intentions.

Wow - that's a pretty dark view. Let's hope you're not right on this one.


I think you hit the vital issue up front: "I know, bookmarks...sounds pretty trivial, doesn't it?"
The initial on-site/SaaS decision should rely entirely on the question of "mission critical" versus "trivial". If the processes and data are mission-critical -- that is, essential to your market differentiation or hour-to-hour operations -- then their complete loss or unavailability, even for a brief interval, would be a disaster. You must ensure that their management is a core competency.
On the other hand, an SaaS application that provides some secondary or tertiary capability seems like a perfect candidate. If you consider your employees' travel management incidental, then it's an attractive outsource candidate (unless you're Expedia); expense reimbursement tracking is also super (if you're not ADP).
But it's hard to imagine a distributor/reseller choosing to put its CRM in Salesforce.com, an engineering products firm going with Arena, or a contract manufacturer adopting some form of MRP SaaS.
While it's always true that your company is defined by your employees' competence, keeping your critical processes & data close to those employees (and outsourcing the rest) seems like the best strategy.

Andre Yee blogs about cloud computing, SaaS, Web 2.0 and other emerging technologies that matter to businesses.

Andre Yee

Andre Yee is an entrepreneur and technologist with nearly 20 years of experience in the business of technology.
