Bruce Schneier wrote a three part series (part 1, part 2, part 3) on cloud computing recently, part of a debate at the Economist. It’s a general look at the cloud from a few perspectives, and I think the thoughts are interesting. Whether they apply to you, or to what extent, you’ll have to decide.
The first part asks if companies should use cloud services. I love the answer at the beginning: “Yes. No. Yes. Maybe. Yes. Okay, it’s complicated”.
The decision is complicated and it’s not a binary decision. You may choose to use a cloud service like Dropbox to share video files, but not move any of your databases or Excel spreadsheets to the cloud. Your company might choose to outsource email, but keep all sales, finance, and inventory applications in house, or vice versa.
I think as each of us debates the decision, we’ll be driven by data. Not only cost data from each side, not only a risk or security analysis, but actually by the data we are talking about. We have to consider the risk of losing a particular set of data through cloud provider incompetence or disclosure to third parties (successful hacks or government intrusion). As data professionals, I’d like to think we’ll be intimately involved with the discussions and arguments about the reliability, security, performance, and control we need over our data.
Is source code too valuable to trust outside the company? Is it worth managing email? Is a service providing CRM a better choice? There are no easy answers here. I’ve said more than a few times that I would never bother setting up or managing an email server again. However as I think about it, that might not be true. If I worked for a law firm, could I trust anyone outside of my company to prevent a breach of client confidentiality? The implications are unknown here and I wonder if a custom Gmail or Office365 solution is even defensible?
More and more, I think any debate with regards to cloud computing has to begin with “it depends” and dive deeply from there into the potential risks and rewards.