Clouded Judgment?

CloudsI saw a t shirt that said “The cloud really just means using somebody else’s computer” That just about says it all!

The cloud has become a general term for just about any program or service that is not located on your local computer (local area network) and accessed over the internet. The part of the Cloud I am going to focus on for this post is critical business applications. Does it make sense to use a Cloud Service to handle some of your most important data and processes?

Looking at it from the point of view of the companies offering cloud services, cloud computing makes a lot of sense. In the old paradigm you would buy a software package, load it onto your computer, and then use it for as long as you wanted to. Modern software is generally pretty complete and works well. As a result, there has been less and less incentive to buy the next version. From the companies point of view that is lost revenue. In the cloud computing paradigm, you pay a monthly or annual fee to use the cloud service. You stop paying and the application along with your data goes away. Pretty strong incentive to make that next payment!

As an example, an affordable cloud membership database, which I won’t name, for nonprofits charges a monthly or yearly fee based on how many donor records in the database. Up to 5,000 records for just $50 a month. Get more than 5,000 records and the price goes up stepwise.

For just $500, $600, or more a year, your organization gets a donor database that requires no local servers and allows you to work from anywhere there is a good internet connection. The users can use Linux, Mac, or Windows; to the cloud it can all be the same. What could be better?

Richard Stallman in his article “Who does that server really serve?” http://www.gnu.org/philosophy/who-does-that-server-really-serve.html, takes a bit darker point of view. He writes that in software as a service or Cloud computing “the users do not have even the executable file that does their computing: it is on someone else’s server, where the users can’t see or touch it. Thus it is impossible for them to ascertain what it really does, and impossible to change it.” We all worry about spyware and viruses. Stillman makes the point that the owners of a cloud computing service “does not require covert code to obtain the user’s data. Instead, users must send their data to the server in order to use it. This has the same effect as spyware: the server operator gets the data—with no special effort.” In the case of critical business applications, we must just trust that the company hosting our cloud application is honest, is keeping our data safe, and is not sharing it with someone else.

So does it make sense? There are probably good reasons to choose a cloud hosted or software as a service. Data security may not be one of them. Having your important data on someone else’s computer has inherent risks. How do you know it is safe? How do you know that it is safely backed up? Do you know who really has access to your cloud data? If the only reason you are choosing a cloud computing application is because it is easy or convenient, it may not be the best choice.