Two days back, Bruce Schneier wrote an article in The Wall Street Journal highlighting the risks in the SaaS based world. He argues that users lose full control of their data in SaaS and the companies are using certain deceptive tactics to lure users
into their services.
Cloud computing is another technology where users entrust their data to service providers. Salesforce.com, Gmail, and Google Docs are examples; your data isn’t on your computer — it’s out in the “cloud” somewhere — and you access it from your web browser. Cloud computing has significant benefits for customers and huge profit potential for providers. It’s one of the fastest growing IT market segments — 69% of Americans now use some sort of cloud computing services — but the business is rife with shady, if not outright deceptive, advertising.
His solution to his perceived risks involves regulations by the government to keep the Cloud vendors on leash.
For markets to work, consumers need to be able to make informed buying decisions. They need to understand both the costs and benefits of the products and services they buy. Allowing sellers to manipulate the market by outright lying, or even by hiding vital information, about their products breaks capitalism — and that’s why the government has to step in to ensure markets work smoothly.
I am not someone who gets upset about regulations. I do feel that government has an obligation to ensure that the users’ data are safe on the Cloud. However, the regulations should be smart and in tune with the developments in the technology. Any regulation that curtails the progressive movement of technology is detrimental to not only the vendors but also the users. The government should work with the vendors and watchdog groups to roll out smarter regulations to protect the privacy and security of users’ data.
Having addressed the main concern of Mr. Schneier, I want to address the light FUD in his article. He conveys an impression that there are significant risks in putting the data on to the Clouds. As many of us in the Cloud evangelist community had highlighted in the past, Cloud Computing is a completely new way of doing computing. We, the users, need a complete mental shift in accepting the fact that we are giving up some control of our data to gain access to it from anywhere at any time using any device. In fact, David Powers of Eli Lilly highlighted the same idea about the need for a mental shift when he was discussing the enterprise adoption of Cloud Computing at the Under the Radar event last week. This is similar to the kind of mental shift that is expected from users whenever there is a paradigm shift happening in how we use technology. We have to realize that we do computing differently in the Clouds. This difference lies in the idea of giving up some control to our data to gain universal access to our data.
This remind me of the concerns raised by top management and workers of public sector banks in India during the early part of computerization of banks. The public sector banks were used to storing their information on paper and filing them in the old fashioned way. When they were asked to use the computers, they couldn’t reconcile to the idea and they added the information about the banking transactions on their computer, printed it for filing and also noted it down by hand on their ledgers. They did this because they were having trouble making the mental shift from the old fashioned book keeping to the computers. This is the same kind of dilemma faced by some of the users as they move from the traditional desktop world to a Cloud based world.
Such concerns are raised whenever users are asked to move from their traditional ways of doing things. We had a strong backlash to the idea of outsourcing to foreign countries. In fact, I still couldn’t fathom the idea that someone far away from where I live, unbounded by the laws of my country, is processing my banking information. However, the opposition to outsourcing has come down and it is now taken in stride. I am pretty sure, the current concerns about Cloud Computing is in the same lines. However, as I have argued many times in this space, the Cloud based approach may turn out to be more beneficial in terms of security than the traditional desktop based approach. What is needed is a mental shift.