Remote Storage and the Enterprise

A subject which keeps reoccurring in our technical circles is the notion of having us our stuff in the ‘cloud‘. Buzzword Bingo aside – what we are really talking about is Remote Storage and Outsourced Software as a Service (SaaS).  I will focus on outsourced Software as a Service (SaaS) including Azure and Amazon Web Services in a future post but lets delve into notion of cloud storage and my own personal take on it.

A bit of history first of Cloud Storage.

When most people think of remote storage or cloud storage. What word comes immediately to mind? Dropbox?

Yes? And in the general public the perception is that Dropbox is the first to market and that Google (Google Drive) and Microsoft (SkyDrive) and Apple (ICloud) are copying off.

iclouddropbox googledrive  skydrive2



What most people do not know is that the Microsoft Cloud drive product SkyDrive was previously known as Windows Live Folders and originated in around August 2007.  Yep, it actually predates Dropbox by about a year. Google Drive by 5 years and Apple’s iCloud by 4 years.  Of course and as usual, Microsoft isn’t the best company in the world at marketing its products, especially to the mass market user.

WindowsLiveFolders01I find this remote storage is all wonderful for personal use. Hell, I use it and it helps me to have my flight details/PDF’s and general writing shared across application and hardware boundaries.   It’s great for that.  It’s situational, and for many (i.e. small to medium sizes businesses, its definitely a cost effective solution. But when it comes to national interests such as oil and gas. Then I have an open and complete distrust of the notion of large scale enterprise allowing their finalized documents or files to be outsourced and managed elsewhere.  This is without even counting the USA/ Snowden / NSA recent issues of outsiders looking at your data.

I would not want another link in the chain outside of my control. Saving a few dollars in the short term means being at the mercy of third parties integrity. Yes I know the marketing budget of these companies want to provide this as part of their future subscription based business model.  Serves their hosting purpose but doesn’t assist ours.

For example:-

  • When it comes to large scale enterprises like Oil and Gas, where each country has different legal requirements for auditing and security. Legally what is the jurisdiction of control? I’m sure this is different on a per country basis.
  • Does XCountry really want their confidential political and financial production specific files to be kept outside the country? Open to investigate and inspection by which ever Country is hosting?
  • In most places where this Oil to be found, the ICT infrastructure  is years away from fast reliable internet. Always on, doesn’t fit outside the Mega technical hubs of USA, Korea, UK.
  • Security. How do you control people, outside of your organization? or in turn their subcontractors.  Snowden was a outsourced contractor who by all accounts used service account permissions to access secure data.
  • When something goes wrong, it is another link or step in the chain of fault finding. If you had all of your intranet and storage hosted in a bright new shiny outsourced data center in London or even Mumbai but your company was based in Tadzhikistan, when the connection goes down (this is the real world. It does – even if you have a backup with less capacity – things happen) then the business cannot work.ictsecurity3

In short. My opinion is: – If you don’t control it.. YOU don’t control I.T.

Just to give a story and yet real world examples of what I have seen:

I was once contracted to work on a big Data Migration for a Government body to take the data from one outsourced system to another.  Now this particular body is well known and well respected.  The Software vendor is also one of the IT giants.  The problem arose when the nice, sweet and lucrative contract was to be closed for one vendor, and the mentality of the Software Vendor completely changed. Now it was a case of them and us.

Basically the Software Vendor decided that easy direct access to the raw data was out of scope and that the Government Body had to pay an extreme premium (i.e. current costs times two years) for the raw data extract. Complete corporate blackmail.

Of course the Government Body took this legally and fought in the courts to say that the data was their, even if the Software as a service was owned by the Software Provider the data belonged to them as it was them who inputted the information. The Government body won in the end – after a lengthy and nasty (and expensive) court case.

I personally prefer to have has much auditing and information rights management as possible.  I want to know – down to who and when has seen a particular document. I want that control and security.

How many times you have had a random recruitment agency contact you about your CV, when you know full well you have never dealt with them before. Someone in a previous agency has taken the raw candidate data with them when they changed jobs. (this happened to me and I confirmed this with the agency – no names mentioned).

I’m willing to change my opinion, but at the moment – I don’t see it coming any time soon regardless of what marketing hype is generated.