We are now faced with a number of firms offering to store our personal and professional information in the cloud – a fancy term for remote computer-based storage.
Some vendors offer free services, possibly with limits, in exchange for your acceptance of advertising. Some vendors make introductory offers with graduated rates in the future.
No matter what the offer, you must consider the following issues:
One, who is it that you are really doing business with? Are you doing business with a major firm or a startup? Are they financially stable now or are they in a growth mode? Are they funded by venture capitalists looking to cash out in an IPO (initial public offering) or run by executives with their own personal exist strategy.
Two, are they accepting responsibility for your data with the financial liability for lost, corrupted or unavailable data or are you being asked to sign a unilateral one-sided agreement that absolves them of all responsibility or limits their damages to the amount you have paid for services for the year? Are you susceptible to multiple unilateral contractual obligations for each of the vendor’s products that you use? Are you required to monitor the vendor’s website for unilateral changes in agreements, terms of service, or end user licensing agreements?
Three, is your data transmission to and from the cloud from any and all devices encrypted with industrial strength security? Some vendors rely on the device’s hardware features or software which can be less secure than security normally found in desktop-level software and hardware.
Four, does your data reside in secure data centers? Are these data centers within the continental United States under the legal jurisdiction of U.S. regulatory and law enforcement agencies? Or is your data stored in an off-shore foreign data center whose legal system is beyond the reach of the U.S. legal authorities>
Five, is your data encrypted while stored on remote machines – including, but not limited to, in-memory transfers?
Six, who holds the encryption keys? Is the data from one or more customers encrypted with a single encryption key held by the vendor?
Seven, is your data securely backed-up or replicated to insure that it is reasonably safe from hardware and software mishaps?
Eight, does the vendor allow you to encrypt your own data with your own encryption keys or do they specify that the information must reside in an unencrypted format or an encrypted format that is accessible to them for data mining – ostensibly to provide you with more targeted advertisement? Will the vendor, acting on their own behalf or on behalf of a third party, scan your data for potential copyright infringement or legally prohibited files?
Nine, will your vendor provide you with sufficient notice of a law enforcement subpoena, administrative summons or a court-ordered examination of your data in sufficient time to argue against the release of the information? What controls will be placed on the data that is provided – considering that portions of your data are beyond the scope of inquiry or may contain legally protected information such as communications with your lawyer?
Ten, will you be violating any local, state or federal statutes by storing information which contains third-party non-public personal information on computers over which you have no absolute control?
Eleven, will your data be retrievable in an acceptable form when you quit the service?
Twelve, will your deleted data be securely expunged on request or will it live in perpetuity. Will the vendor’s rights to access the data be terminated along with your agreement?
And while we could continue listing questions, these are the basic ones which should give you pause before you blindly accept that agreement to store your data in somebody’s cloud. While some offers are mighty attractive – they are also potential sources of unlimited grief should things go wonky.
Bottom line …
You have time, money and effort invested in your data. I would suggest that you adhere to the Better Business Bureau’s code which advises: Investigate Before You Invest?
Remember: “Do No Evil” or similar slogans are corporate mantras, not legal guarantees of ethical behavior, financial responsibility for the loss or misuse of your data or even a guarantee that you will be able to securely access the data when you want and with the device at hand.
Let the buyer beware.
“Nullius in verba.”-- take nobody's word for it!
“Beware of false knowledge; it is more dangerous than ignorance.”-- George Bernard Shaw
“Progressive, liberal, Socialist, Marxist, Democratic Socialist -- they are all COMMUNISTS.”
“The key to fighting the craziness of the progressives is to hold them responsible for their actions, not their intentions.” – OCS "The object in life is not to be on the side of the majority, but to escape finding oneself in the ranks of the insane." -- Marcus Aurelius “A people that elect corrupt politicians, imposters, thieves, and traitors are not victims... but accomplices” -- George Orwell “Fere libenter homines id quod volunt credunt." (The people gladly believe what they wish to.) ~Julius Caesar “Describing the problem is quite different from knowing the solution. Except in politics." ~ OCS
“The key to fighting the craziness of the progressives is to hold them responsible for their actions, not their intentions.” – OCS
"The object in life is not to be on the side of the majority, but to escape finding oneself in the ranks of the insane." -- Marcus Aurelius
“A people that elect corrupt politicians, imposters, thieves, and traitors are not victims... but accomplices” -- George Orwell
“Fere libenter homines id quod volunt credunt." (The people gladly believe what they wish to.) ~Julius Caesar
“Describing the problem is quite different from knowing the solution. Except in politics." ~ OCS