Beware of the Cloud
By: Thato M Jordan
The word Cloud is trending amongst technologists and business people. This enthusiasm about the cloud should be examined and properly assessed for its cost benefit properties. As a disclaimer I am a proponent of the cloud and advocate for a secured transition to the cloud.Before progressing any further and for the benefit of all, we need to define this cloud? Since Batswana have been praying for rain and we have experienced some storms in the past few weeks one might think that this cloud we are referring to is the cloud that carries rain. Yes, there are similarities to these clouds and I will briefly explain the similarities.
Most of us are aware of what a data center or a server room is and we somehow believe that cloud is a mystical location hosting our data somewhere. Some have said that the cloud may be in Mars or some other planet. In short, cloud or cloud computing as defined by PCMag refers “to the software and services that have enabled the Internet. Traditionally organizations used to have distributed data centre/server’s rooms across buildings, branches and regions which was financially onerous hence there evolved consolidation of these services into one or two buildings and subsequently the current trend where some business entities developed their own data centers and rent them out to clients.
In this initial article I will not dwell much on the cloud verses data center discussion as this is a topic on its own. I will also reserve the discussion on the type of cloud to subsequent articles. For the benefit of all, I want to make this brief analogy. In one of the numerous meetings with experts in this industry, which I would not disclose for now, one leaned expert said, “In the old days when we travelled and knocked on some homesteads, the first thing we asked for was water but nowadays the first thing we ask of is the internet password,” and therein lies the distinction and some may say, similarities of the clouds. My learned friend opines that, “Internet equals the cloud and water comes from the rain (cloud).”
Now that we have cleared that, the title to this piece is, ‘Beware of the cloud’ because like most innovative creations that are intended to benefit society, there often exists an opportunity for the morally depraved to abuse such. This topic is critical to discuss in the sense that a lot of people be it individuals, corporate entities and government departments have entertained the implementation of cloud technologies without risk assessment and due diligence.
The majority of us have interacted with the cloud one way or the other be it through Dropbox, Office 365 and even at our workplace. In order to successfully implement the cloud in an organization there are a couple of decision gates to maneuver discussed below.
Terms and Conditions:
These are also called T&C’s in the millennial and techno lingo. The question is, how many of us genuinely and thoroughly read these before signing off or do we just click the I agree online and the couple of next icons to get access. Do we study these? Engage our legal hawks on these? Cross-examine them and ensure that they are fit for our purpose? As an organization do we have a template T&Cs which we compare with the ones online? T&Cs are contractual agreements between you and the cloud providers and they are not different from any contract you get into with any service provider which must be thoroughly interrogated before sign-off. Now, why don’t we do the same due diligence for cloud services?
One can never overemphasize the importance of interrogating cloud T&C’s to ensure they are fit for purpose and will cover both individuals and oganisations rights. Some may argue that these cloud service providers will not abide by individual T&Cs which is a myth. Individuals and organisations must do a proper due diligence and have a proper process to onboard cloud services.
When you ask the cloud service provide where your data will be stored they normally tell you that it is in the cloud. The critical question is where in the cloud. You are the custodian of your own data hence you need to know where it is and which laws governing the location are for and against you.
Security and Security and Security:
It must be emphasized that as custodians of ones own data, one has to ensure demonstrable evidence that their data is secured. Do not accept the answer that the data is protected by Firewalls or some nondescript funny software. Demand evidence, do your own investigation about the organization? Has it been on the wrong side of the law? Are they willing to share with you any information with regards to breaches they once had? These are some of the questions to ask in addition to advising them to share with you your own instance security log and ensure that it is thoroughly reviewed periodically. It is important that these are negotiated at contract signing stage and must be contained in the Service Level Agreement that is signed.
What happens when one wants to migrate to another cloud service provider or back to their own enterprise Data Centre or is locked out of the cloud forever? If one desires to migrate their data, it is important to establish the compatibility of the format or platform and the need to re-engineer before migration to ensure it is seamless.
Despite the due diligence one must perform on the cloud service provider, one also needs to examine legislative provisions that deal with data. This is a topic on its own and will be covered in details in subsequent instalments on the topic.
The cloud revolution is here and we need to embrace it with both hands but we need to do this the right way in order to derive maximum benefit from this service. Research carried out in Botswana reveals that most citizens including organizations are embracing the cloud service but they do not have the policies, standards and strategies in relation to onboarding the cloud. My advice is that one should do the right things right the first time. The purpose of this article is to inform readers and help them make inform decisions about cloud computing.
About the writer:
Thato Jordan an ICT Project Coordinator (Data Centers) with Botswana Innovation Hub. He is an IT Infrastructure and Data Centre Expert accredited by Uptime Institute as an Accredited Tier Designer and EPI as Certified Data Centre Expert. He has Bachelor of Information Systems (CIS) from the University of Botswana and a Master of Science in Information Technology Management from the University of Sunderland. He is also an accredited Project Management Professional (PMP), Prince2 and CompTia Project+.