Cloud Rant

“The Cloud” is all the IT rage these days. I hate to sound Luddite, because I’m really not, but the Cloud is about the last place I’d want to be. Let me tell you why.

First, you’ve probably heard or read about data breaches involving credit card numbers and personal information. A lot of these breaches have happened to very large are reputable corporations. Such breaches prove that even large and reputable corporations either don’t consult or don’t listen to security professionals when formulating their security policies. Or they don’t enforces them strictly enough, with sharp enough teeth to make employees follow them. Either way, imagine now that your corporate (or personal) data is going in and out of some data center somewhere instead of to the computers behind the firewall at your office. How safe is that data? It could be said that credit cards and such are much more juicy targets for hackers than random corporate (or personal) data. Probably true. But hackers don’t necessarily know what sort of data you’re storing in the Cloud. But no matter what kind of data you’re storing in the Cloud, you have no control of it once it enters the Cloud. Meaning, you have no control over the security of it either. How safe do you feel now?

Honestly, I’d prefer to trust my data to my network, behind my firewall, administered by my personnel. No offense to the Cloud guys. But I know what I’m getting when I commit my data to my corporate network. With your Cloud, I don’t. I hired my security guy and I know where he lives. Your guys, I don’t know the first thing about. And all the guarantees in the world are useless once my data is sitting on some hacker’s laptop, leaked by your Cloud.

Second, “the Cloud” isn’t just a place to store data. Generally the Cloud also includes access to applications which manipulate the data as well. The software you use on the Cloud resides on the same set of servers where your data is stored. If you happen to like this software and it meets your needs then you’re in luck. I recently had a customer who owns several auto repair shops, each with its own version of Word, Outlook and other Microsoft applications. The problem was that, to upgrade all these applications at all the shops would have cost him a lot. But going on the Cloud meant that he didn’t need to upgrade all those applications sitting on all those computers in his shops. He could pay once a month, and all the shops would be on the same versions of all the software the owner liked. The software, being part of the Cloud, primarily resides in the Cloud. When you want to use it, your computer secretly downloads parts of the software onto your computer on a temporary basis, while you use it. If you’re in Microsoft’s Cloud, you get their software. If you’re on Amazon’s cloud, you get their software. If you’re on IBM’s cloud, you get their software, whatever that is.

The catch, of course, is, we hope you like our software. If you don’t, that could be a problem. What if I have peculiar preferences? For example, I like to edit in Vim. Do you have a Cloud version of that I can use? What if my favorite spreadsheet program is the ancient *nix standby, sc? The point is that I may have to adapt to whatever software you allow on your Cloud, rather than run the selection of software residing on my own servers.

Third, if your data resides in the Cloud, your internet connection is the only connection to that data. If, for some reason, your internet access is cut off, so is your access to your data. Now, it could be argued that if something goes wrong in your office with your network, you could also lose your connection with your non-Cloud data. True enough, though I feel like I have more control of my office (or home) network than the Cloud. Same is true of your laptop or desktop. If some component of your local computer goes flaky (like your hard drive), you could also lose connection with your data. In fact, in that case, you could actually lose your data entirely. But you did back up your data, didn’t you?

If you sign up for the Cloud, you might want to ask if there is any option to work with your data “offline”.

Fourth (and this is one of my more important concerns), there’s a little matter of speed of access to your Cloud data, and the latency of the Cloud software used to access it. Not many things annoy me more than software which is laggy when there really isn’t a need to be. For example, my checking account software has so much latency at times that, when doing a reconciliation, it can take the better part of a minute to store the newly updated status of a single reconciled item. This is locally-hosted non-browser-based checking account software on a reasonably speedy Linux desktop machine. I curse that software every time I have to reconcile a credit card or checking account.

Cloud based software is, by its very nature, laggy. I’m not an expert, but I’m betting that, since the Cloud is generally accessed via your browser, much Cloud software is written in Javascript. And I’ve never known Javascript to be blazingly fast, particularly when you factor in that there’s probably some AJAX going back and forth, accessing data from the Cloud. Moreover, by actual test, I’ve found nothing else on my box which will pin the CPU to the wall like Javascript will. I don’t know why, but Javascript seems to be able to suck CPU cycles like nothing else. That’s why I rarely go on Facebook. Facebook is mostly Javascript driven, and when I’ve got Facebook open and other applications slow down, Facebook is usually the reason. Close it, and I can watch the CPU load meter on my desktop calm right down.

Now, in all this, bear in mind that I’ve been working with Linux for 16 years. I set up my home and work networks. They’re safe behind firewalls I built. I back up my software and data daily, and then back up the backups. I built most of the software I use. I’ve long since decided on what software and which versions I prefer, and I regularly upgrade things for free, because I use Free and Open Source Software. So I’m not typical. But if you’re a reasonably sized company, you could and probably should hire someone like me to do all this stuff for you. Someone who knows more than I do about security and who can reasonably advise you on security threats and pitfalls. Who can deal with hardware, networks and the like. I think it would be a better investment than monthly payments to some Cloud vendor.