Keeping data on-premises isn’t 100% safe either

Credit: Photo Credit: (c) Can Stock Photo

In the past week. we saw Amazon, Google and Microsoft go down for varying periods of time. Google Search and many other services were reportedly down for 2 minutes. Amazon was down for 45 minutes -- during which it would have processed sales worth $5 million, according to one report. Microsoft Outlook.com was down for 3 days

The latter in particular was a tough one for business users, which rely heavily on email. You know there was someone inside some IT department last week making the argument that this is why you don't put your data in the cloud. 

Another big issue for cloud naysayers inside organizations is cloud security. This has become even more pronounced in light of the Edward Snowden revelations that there is widespread monitoring of public cloud services by the government. When you combine the reliability issues and big security concerns, you suddenly have a compelling anti-cloud argument. But is it really valid?

Downtime happens

Let's talk about the reliability argument first. How many times do you figure an internal Exchange server went down last week? You can be sure it was countless times across many organizations -- but unlike very public cloud outages, you'll never hear about it, because what company in its right mind is going to publicize such an outage?

There are all kinds of things that can happen to internal data centers. For instance, Hurricane Sandy wiped out more than a few data centers in its wake last year. Even if the data center was in a protected bunker somewhere safe from the storm, chances are there were power issues related to the storm. Even if you had your own generator, they are typically designed as a short-term solution, not for a long-term event like Sandy and its aftermath turned out to be.

Then there are the general day-to-day outages that can last minutes or hours or even days. In fact, a survey done in 2010 by Ponemon Institute, and which was sponsored by Emerson Network Power reported that 95 percent of the 435 survey respondents had an outage in the previous 24 months. 

This survey reported in some detail on the types and durations of the outages. The report found that complete shutdowns were rare, as you would expect. If you had a complete shutdown, your business would obviously be in serious trouble, but the respondents reported multiple incidents during the reporting time.

"Row-based or localized downtime had an average occurrence of 6.8 times during the two-year timeframe with an average duration of 152 minutes. Rack-and server-based  downtime had an average occurrence of 11.2 times during the two-year timeframe with an average duration of 153 minutes," the report stated.

The results were obviously anonymous so there was no reason to lie, but I'm betting people tended to err on the positive side, rather than inflating the numbers.

Regardless, it provides some concrete numbers that data outages can happen anywhere, and you don't have to be Amazon, Google or Microsoft to face the same types of issues. The only difference is your own IT department controls the data center, so you have a throat to throttle and a face to blame if that's your desire.

Yes, you're subject to government oversight

If you can accept that your data center is probably as vulnerable as a public cloud vendor to outages, then it comes down to the security argument. You believe that your data is somehow protected inside your organization and that the government can't vacuum it up the way it does the public cloud. That's a dangerous delusion.

All it takes is a lawsuit with an eDiscovery order and your legal and IT teams will be sent scrambling trying to comply with a court order to deliver data. Regulators who also have a right to peruse your networks and make sure they are in compliance with government regulation. 

Then there are the FBI's infamous National Security Letters, which are secret warrantless requests for information. When you get one, you can' t inform the subject of the search. You aren't even supposed to tell your attorneys, and you can be subject to prosecution for breaking these rules. Since the turn of the century, the FBI has sent out hundreds of thousands of these letters to companies and individuals of all shapes and sizes.

At the most extreme instance, consider the case of the British newspaper, The Guardian, which this week was forced by UK government intelligence authorities to destroy company hard drives which contained copies of files obtained from NSA whistleblower Snowden. Putting aside the absurdity of destroying their hard drives when there were a number of copies of these document sets outside The Guardian's purview, it was a gross abuse of government power inside a private business, and it's entirely possible in today's world -- where terrorism is treated as a carte blanche excuse to ignore civil liberties, however your country happens to define them -- that your company could be subjected to this level of intrusion from time to time. Having a private data center does not give you any protection. 

In the end, it doesn't matter much whether the outage or intrusion happened on your vendor's systems or yours, or where your data happens to be stored. The end result is the same. So don't let fear dissuade you from other benefits of moving to the cloud -- lower operational costs, greater flexibility, pay-as-you-use models, and easier access from mobile devices outside the firewall, to name a few.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies