
I started writing this post after learning about the data breach that happened to President-Elect Barack Obama. Midway through the post, I decided to make it a part of the SaaS Risk Reduction Series. This is the fourth post in the series.

Recently, the tech blogosphere was buzzing with news about the data breach that happened with President-Elect Barack Obama’s Verizon mobile phone account. This raises important questions about the security of our data in the hands of third-party vendors. As cloud computing evangelists, we need to address this problem again and again until SaaS users are made aware of the risks involved and how they can be minimized to take advantage of the power of SaaS.

Well, if you wonder how this incident is related to SaaS, this post is just for users like you. All our digital communications, whether telephone, mobile phone, VoIP, email, web browsing, web search, etc., leave a trace of our activities on third-party (read: vendors') servers. The actions are recorded for various reasons, with security being the most important one. The trail left by the users of digital communications can be exploited to get information about people and/or their business activities. Remember, even if you use proxy services, you are leaving a trail with some third-party servers, and if you are in doubt, please go and ask the son of the Tennessee State Legislator who used proxy services to log into Sarah Palin’s account. What happened to Mr. Obama falls into this category.

If the trail left by the users of digital communications in the log files sitting on the vendor’s servers can expose information about the user, irrespective of whether it is due to an overzealous employee, a hack attack or a government subpoena, imagine what could happen when we put all our data, including documents, personal photographs, banking information, etc., into either cloud-based storage or with a SaaS vendor. Clearly, it is a very big risk for anyone embracing the idea of cloud computing and SaaS. The threat is real and if anyone dismisses this as unimportant, the person is either lying or ignorant about it.

Having said that, I want to point out that this risk is not unique to cloud computing and SaaS alone. The same threat comes into existence the moment we let another person get our data in their “hands”, whether it is an employee sitting at a desk going through paper-based filing cabinets, an employee using a desktop computer, a desktop connected to the internet being used to store data, or a company storing the data in an in-house data center. The same kind of threat is present in all of the above-mentioned instances. If anyone thinks that storing the data in our own datacenters is foolproof, they should call Intel and ask them about their story.

There will be fear mongers, whose business interests are threatened by Cloud Computing, and there will be people who have careers loving these businesses. They will all predict doomsday scenarios when talking about moving the data and the apps to the cloud. Such fear mongering always happens whenever there is a technological leap like the current jump to cloud-based computing. Ask your grandpa about what happened when he first started using the telephone in his business. He might recount the fear mongering that happened around telephony in those days. Fear mongering is a natural human behavior that happens either due to complete ignorance or due to vested business interests. Such fear mongering should not stop anyone from moving to SaaS-based applications or cloud-based storage of their data. Any failure to adopt newer technologies will leave a business in a totally disadvantaged position, especially in today’s fast-moving global recession economy.

Even though I will disagree with the idea of not moving to the clouds because of the risks mentioned above, I would strongly urge every SaaS user (and the prospective ones) to do research about the SaaS vendors (especially if they are startups) before putting data into their cloud. Such checks could include:

  • Checking out the company’s background, including finding information about their financial backers
  • If it is a startup, it is better to check out if the top management is visible in the tech blogosphere or if people like Robert Scoble have interviewed them in their videos, etc.
  • Check if they identify themselves properly in their “About Us” page and make their company postal address and telephone available to the public, etc.

Once you do the necessary background research about the company, you should at least ask them some of these important questions and get a satisfactory answer. If users take care of all these precautions, they can definitely minimize the risks associated with moving their data to the clouds. It is foolish not to fly just because there is always a danger of an airplane accident. It is the same with SaaS adoption too. A SaaS user having their data breached is less likely than the data breach of Mr. Obama or the data breach that can occur inside a data center where your company’s servers are hosted or the data breach that can happen in your bank or the data breach that can happen within the confines of your company by a rogue employee. It is, definitely, less likely than any privacy breach that can happen to citizens when the government asks telecom companies to let them listen in on citizens' telephone calls. We should not be missing out on the upsides due to some risk that is similar to the risks we face in our everyday life. A successful business will be smart enough to understand the risks due to various threats and act wisely rather than just succumb to any fear mongering. A smarter way to do SaaS is by understanding the risks and minimizing them.

Previous articles in the series:


This is the third post in the SaaS Risk Reduction Series. In the previous post, I talked about not keeping all eggs in one basket. There are people who will not consider it an important aspect of risk reduction. Even though I disagree with the idea, they do have very valid points. However, I don't think anyone will disagree with today's topic related to risk reduction. I am going to talk about the importance of considering open formats when selecting a SaaS vendor.

Open formats are those file formats whose specifications are published openly and are not restricted to a single vendor, software package or web application. With the open availability of specifications, the data in open file formats can be accessed from any software/application that supports the file specification. You are not locked in with a single vendor's software or web application. Examples of open formats include plain ASCII text, HTML, ODF, PDF, DVI, RTF, Ogg, PNG, etc.

While selecting a SaaS vendor, it is important for us to ensure that the vendor will allow us to export our data in at least one of the various open formats available for the particular kind of data. For example, Google Docs supports export of documents into text, HTML, OpenOffice, PDF, RTF and Word formats. Zoho Writer goes even further and supports LaTeX and DOCX (purists, please don't pounce on me for including DOCX in the list. Even I have my own reservations about it but that debate is for another forum) formats along with the ones supported by Google.

The option to export data in open formats is very important in the SaaS world. Already, we are putting our data into third-party data centers and, thereby, giving up some control over our data for the sake of the additional conveniences offered by SaaS. On top of it, if the vendor locks in the data without giving an option to export it into one of the open formats, it is just a disaster waiting to happen. We may as well put our company's bank information on an open website. Once we put our data with such a SaaS vendor, we are stuck with the vendor forever and we will be at their mercy when it comes to pricing and service reliability. No smart business owner would ever want to put their business at such a risk.

I strongly suggest that the users also make sure that the SaaS vendors allow them to easily export their data in one of the open formats with just a few clicks. It is important that the SaaS users are not bogged down with a complicated export process. Just say no to SaaS vendors who don't offer an option to export the data in open formats.

PS: I am intentionally keeping this series without any technical details. The goal of this series is to help small business owners fine-tune their SaaS strategy.


This is my second post in the SaaS Risk Reduction Series. In my previous post titled “What is your Cloud Strategy”, I talked about the need for diversification and it met with some serious opposition from my fellow Cloud Avenuans, Zoli and Ben. In this post, I am going to dig up the concept again and offer better insights than the last time. 

First, as I said in my introductory post in this series, my approach is more like that of a system admin in a company while theirs is from a pure business convenience perspective. Both are valid from the proponents' point of view. In fact, this is nothing new and it was a classic problem from the previous desktop era. We are always confronted with the security vs convenience problem. Well, it is true in many real world issues too. The tug of war between security and convenience has been going on from time immemorial. As a system admin in my previous avatar, I have always faced the wrath of business managers but I have always insisted on my security over convenience mantra. I take the same approach in my current avatar too.

Second, SaaS applications are supposed to work out of the box without any need for user side configuration. I don’t see any inconvenience in using Google for Email and Calendar (where they excel their competitors by a wide margin) and Zoho for productivity apps (where they really rock. BTW, let me make it clear here that it is my personal opinion and Zoho being this blog’s sponsor has no role in it). With SaaS, there is absolutely no reason to stick with one provider. For example, I can store all my files in Syncplicity and either send them to Google Docs or open them directly with Zoho Docs. This is the beauty of SaaS and with further adoption of Open Standards (about which I will talk further in my future posts), interoperability, data portability, etc., the idea of using a single provider or keeping all the eggs in one basket becomes old fashioned.

Even now, mashups make it easy for you to diversify your cloud use. Gmail Labs now allows you to add any gadget (their name for widgets) to the Gmail sidebar. For example, I can add Remember The Milk or any other gadget to my Gmail sidebar and work as if it is delivered from a single provider. Mashups are still in early stages and Gartner predicts a bright future for them. With the passage of time, mashups will emerge as a much more useful tool, changing the way we use apps.

Finally, I want to point out where Ben and Zoli’s arguments fit better than my argument. It depends on whether your business is in the free part or mium part of the freemium model. If it is in the free part, as is the case with many individual consultants and the smaller side of the small business, my suggestion about not keeping all the eggs in the same basket becomes all the more important because you don’t get any technical support and you are at the mercy of SaaS vendors. If you are in the mium part, which is the case with some of the consultants and the other end of the small business spectrum, Ben and Zoli’s arguments about the convenience of a single provider play a big role. You just want to keep a single provider and deal with them for all your problems. This works well if they offer telephone support for their premium customers (as is the case with Google Apps Premium Plans and a few other vendors). If the SaaS vendor offers only email-based support, I will still suggest that it is not advisable to keep all eggs in one basket.

Again, we need to keep in mind that we are considering security vs convenience and every business has different priorities. I have offered my view from the point of view of someone who plans for the worst case scenario over someone who worries about speed. I am sure Ben and Zoli might offer their insights on the importance of speed in business and how SaaS strategy can be devised to fit such an approach. As a small business owner, you should consider both these approaches and devise a strategy that fits the needs of your business. If you have any suggestions, feel free to add them in the comments.


SaaS Risk Reduction Series

Nov 04 2008 12:35:00 PM Posted By : Krishnan Subramanian
My post titled "What is your Cloud Strategy?", where I spoke about the importance of having diversification and redundancy baked into the cloud strategy of any small business, kicked off criticisms from my fellow Cloud Avenue Editors, Zoli and Ben. They did not agree with my argument about not keeping all the eggs in the same basket. In fact, Ben even claimed that there can only be one right approach, either his approach or mine. The main criticisms of Zoli and Ben can be summarized as follows:
  • Small businesses want the convenience of having all the apps with a single vendor
  • They lack the IT department, like enterprises, and hence they cannot afford to have diversification baked into their cloud strategy
These are valid points and I, in fact, agree with these points to a certain degree. But, unlike what Ben thinks, I feel that there can be more than one approach to the issue and I would like to offer the rationale behind my approach. My framework is totally different from the framework under which Zoli and Ben operate. As a recovering System Admin, I tend to prepare a business to cover for the worst case scenarios and Zoli & Ben, with their background from the business side of things, tend to think from the point of view of convenience and cost savings. In fact, both these approaches have their own advantages and disadvantages.

In this series, I will put forward my thoughts on the cloud strategy for small businesses by offering deeper insights into the topic than what I offered in my previous post. I will write about different factors that could play a role in reducing the risks for small businesses as they move from the traditional desktop world to the SaaS world. I also hope that Zoli and Ben will write about it from time to time. In the end, small businesses can consider the pros and cons of both the approaches and develop their cloud strategy based on a better understanding of the subject. I will be writing multiple posts in this series over a period of a few weeks (months?) and I hope that this series achieves its purpose when it is finally done. Feel free to offer your thoughts in the comments section of the posts and it will help tweak my own approach to better suit the reality in the SaaS world.
