Sunday, November 5, 2017

Who Ya Gonna Trust?

In society of today, we face many questions about what information to trust, whose perspective to trust, and which technologies to trust. Only history will provide us with the right answers, but we have to live in the present, not blessed with the retrospective that will inform our future selves and our progeny.

One of the fabricated perils we have been hearing more about of late is "Big Data." Sometimes it's called "Silicon Valley Elite" or "Tech Elite." And one of the dangers that supposedly comes from this new threat to our way of life is Cloud Computing.

Certainly, since there's a lot of misinformation available about this important development in the world of Information Technology, it's easy to accept viewpoints derived from casual, poorly researched, and superstition-driven irritation or fear. I saw one such article this past week, and perhaps we should forgive the author (Steve Rosseau) for reacting during the heat of the irritation when faced with the possibility that a great deal of his work was lost.

The article appeared on Digg. It came adorned with headlines such as "Google Drive is Not Your Friend," and "Google Flagged a Bunch of Doc Files as Violation of Their TOS and Locked Them."

The article simply documents a bug in one of the software updates pushed out by Google that did what the spoiler-alert headline claims it did. The author (in an understandable fit of pique and worry,) reacts to the situation by condemning the entire concept of Cloud Computing and by subtext, attributing malice to Google, as if it were an entire corporation filled with workers who are deeply committed to destroying his work.

There are some factors that the author leaves out, and it shows how we must be vigilant against "declarations of truth" that do not consider all the conditions.

In the first place, the author is most likely using a free community version of Google Drive - made available without charge to anyone who asks. Google has its reasons for doing this, and from the outside it simply seems like generosity. But of course, a free service at that scale cannot include the sort of support that one might expect for a subscription service.

Even if the service is being used with the (nearly ceremonial) subscription fee having been paid, (mine is $20 a year to store data reliably in Google's data center,) it's understandable that such a low-cost commodity service may not include instant support.

So of course there was no one to call when this bug appeared, and locked poor Steve away from his documents. He might understandably conclude that the entire "Big Data" world is a dangerous and unforgiving place.

In the second place, a factor worth considering is that Google, Facebook, and other large information empires are facing an increasingly strident call for regulation and pressure to self-police their service and content to prevent users of the services from causing harm. (Here, and here, and here!)

As these firms face an uncertain future given by emerging privacy laws, calls for regulation, and risks to public perception, it is understandable that they may try to implement measures to proactively address some of the concerns.

Anyone who's ever helped develop large software systems knows that sometimes mistakes can take place. The real answer to the (silly) question about whether a technology company "is your friend" can be found by observing how the company responds to such a mistake.

Google acknowledged the error, published a fix within hours of its discovery, and promised to implement protections to prevent it from happening again. In my opinion, that's a pretty friendly behavior from a company that makes a great deal of valuable service available for free.

In the third place, the article's author bases part of his premise on the unchallenged assumption that data is safer on your own hard drive than in the storage systems that belong to a large company with massive (and redundant) data centers.

Let's compare hazards to see which one you would ultimately want to trust.

Hazards of the cloud

The company might go away -- in the case of Google, this seems really unlikely.  (Look, even Yahoo!, Live Journal, and Lotus Software are still around in some form.)

The company might discontinue the service (and by implication, remove your data) -- Google has done this several times, and in each instance given a very long lead time notice to customers of a system they planned to sunset. In many cases, they also used a vigorous communication campaign to remind users to reclaim their data, or migrate it to a suitable alternative resting place.

The company might be subject to attack and expose your data to attackers -- This seems to be a cliche' risk right now and there are many examples of it happening. Google has not been victimized in this fashion very often, but it is a legitimate risk. On the other hand, see the implications below about the analog to this risk among self-hosted data solutions.

The company might underhandedly use your data for its own purposes or simply destroy it - No one can promise you that a company's leadership, or a person within a company won't maliciously do something to your data. But I always ask myself, how is the issue different when it comes to computing service or data from the case where I use a company to store or take care of something for me?

If I place my possessions in a long-term public storage facility, or leave my RV parked in a storage lot, or even leave my shirts at the dry cleaner -- isn't it possible that someone working there might do something with my things?

If that seems far-fetched, then consider how equally far-fetched it is that someone who has a great job, working in a friendly and forward-thinking environment (ever visited the Googleplex in person?), and with a lot of work to do, would go to a lot of trouble to erase, plagiarize, or vandalize my data and documents. Of course it could happen, but the odds are long in my opinion.

Hazards of Self-Hosted Data

To consider these, I simply offer these vignettes.

One - a friend of mine slipped in the rain recently and dropped his laptop in a way that it skittered into the street and was crushed by a passing driver. Of course he creates backups, although he works in insurance and doing so makes him a de-facto IT worker in addition to his regular job. Unfortunately his backups were not recent enough to prevent him from losing a couple of days worth of paperwork and spending many hours recreating it.

Two - another friend of mine has a 1990s era PC sitting in her office, serving primarily as a dust bunny hotel. The reason she keeps it, is that she believes (probably mistakenly,) that a treasure trove of family photos are still there on the hard drive and that one day she may be able to reclaim them.

Three - a friend of mine is the broker at a local real estate office and definitively decided that the books should only be kept on a local instance of Quickbooks and that the cloud offering was not to be trusted. What he should have considered is that one of his irate and recently fired agents was even less to be trusted.

The individual in question broke into the office on the night after being dismissed and took both the computer and the external drive that held the backups.

Who Are You Going to Trust?

There's no good answer to this question in the end.

Hosting your business IT services and your data in house might seem safer, and it might be. But the cost is that someone in your company has to become an IT worker, and the truth is that many of the risks faced by Cloud systems also apply to you. You may have the resources and expertise to mitigate that threat, but is that what your company is supposed to be spending for?

Hosting your business operations and data with a Cloud Computing provider definitely exposes you to risks, but how many of those are real? How many of those are risks you face either way? And how many of them are cases for which the Cloud vendor is better equipped to prevent than your company?

I will say this however.

My company uses (and recommends) Cloud service heavily, and we are quite often able to do things more quickly, more adeptly, and more effectively than we could in an era before Cloud computing was possible.

A client of mine needed an Internet Radio station set up quickly and we had it going within the space of a few hours. A client needed a website overhaul, and it was possible to get them a new, modern-looking website within the space of two workdays.

Another client needed an online academy to be up and running quickly. We were able to use Cloud resources to get her in business within a few weeks, and at a minimal cost, one that would make a food truck operator envious.

So if you are a thought leader or a widely read technology journalist -- consider that spreading unfounded superstitions about an entire branch of IT simply because you've had a bad day is a disservice to your readers (or "fans") and to their companies.

And if you are company decision maker, ask your IT experts to provide you a calm-headed and fully informed perspective about the genuine risks of Cloud computing and compare them to the costs and risks of the DIY approach.

If it seems like I'm evangelizing here, (yes, I did mention Google and Cloud Computing a whole bunch of times in this article,) consider that I'm not. I'm simply saying that it works very well for us, and we're not the only ones. Some of your competitors are doing this too. And while we aren't necessarily out to eat your lunch, if you're going to leave it sitting on the table...

No comments:

Post a Comment

Reduce to Dashboard

When developers use DataWeave, they often come to rely on the reduce() function to fill in any gaps left by the standard Core library. Altho...