“There is no such thing as the cloud, only other people’s computers.” I’ve hosted seminars with senior IT professionals for several years now and whenever the subject is ‘the cloud’, someone always delivers this line. I don’t know who said it first, but it’s become a cliché.
A Google search finds people writing, at least as far back as 2010, that there is no such thing as the cloud: there are several clouds, run by different companies and with different operating processes and risks. That makes sense and I’d guess that most IT professionals know that by now.
A few years later, we get the first appearance of the ‘other people’s computers’ line in stories about one company or another suffering a cloud service failure.
The line is unhelpful. What wisdom it once provided is overshadowed by the impression it creates, that storing data on ‘other people’s computers’ is asking for trouble. It obviously depends on whose computers.
Consider this: there is no such thing as the haulage industry, only other people’s lorries. “Other people’s lorries” can crash, get stolen and the contents can be lost but if you run a widget business, then you might still hire a specialist to transport them from factory to store. Companies have come to accept those risks – mitigated by contracts, regulation and so on – so they can focus on being widget experts instead of becoming transport experts too.
Try this one: there is no such thing as ‘the bank’, only other’s people’s safes. Do you keep your money in a vault at home or put it in the bank? I’m guessing the latter. But, to take just one thing that can go wrong, thieves could steal your identity and use it to take money from your account. Your bank might refund the money, but they might not, especially if they decide you were at fault. Again, there are risks and benefits.
You can argue that neither of those analogies perfectly matches the situation of cloud computing and that’s true. A lorry is not the same as a server. And protections around the banking industry have grown up over hundreds of years – something that the cloud sector cannot yet match.
Still, they are close enough analogies for the key points. First, businesses outsource complex tasks to specialists all the time. Not because nothing can go wrong – things can always go wrong with suppliers – but because doing so is typically more efficient and effective than handling the task themselves.
Second, people who secure things for a living – like data or money – have an incentive to be good at it. Just as your bank is probably more secure than your house, so a cloud supplier is likely to have better security than your business.
These are among the reasons why so many large corporations are happy with moving compute up to the cloud. It’s becoming increasingly popular to move entire portfolios out of internal data centers and up to the cloud. At the same time, we are seeing the rise of specialist clouds for things like financial regulatory uses, high performance computing (HPC), and so on.
If the ‘other people’s computers’ line has any value, then it’s as a reminder that putting your data in the cloud does not absolve you of responsibility for it. You still need to know what you are storing, where it is stored and so on. You must be aware of exceptional cases, such as whether your data could cross national borders in the event of a network failure.
Likewise, some companies are caught up in cloud fever, believing that moving to the cloud is a corporate panacea. It isn’t, if it’s entered blindly. Cloud costs can mount up and many companies are paying for capacity they don’t need and features they will never use because they have not scrutinised the cloud service as they would for their internal infrastructure. As mentioned above, there are many clouds and it is important to choose the right one.
Hopefully, this kind of understanding is becoming common knowledge now, particularly with the arrival of GDPR, which has focused a lot of corporate minds on data.
We’re in the early stages of regulation of cloud storage and data. Much of what we have seen so far has been focused on getting regulators and regulations to catch up with a tech world that has outpaced existing rules. A big driver has been consumer privacy – and in the wake of the furore around Facebook and Cambridge Analytica, the scrutiny of what data companies store, where they store it and who they share it with will not lessen.
There is value in making people aware of those issues but they shouldn’t deter a business from cloud storage. And that’s my frustration with ‘other people’s computers’: it carries an admonishing tone, one that implies irresponsibility.
It is not inconceivable that the regulations around storing data could soon become complex enough that doing it yourself would be irresponsible. The day will come when the company that stores its own data starts to look like the person who eschews the bank in favour of a pile of cash under the mattress. What’s important is not ‘other people’s computers’ but the right people’s computers.