Cloud computing – using the power of remote servers to store data and run applications like Facebook – is reshaping our digital world. It allows relatively weak mobile devices and PCs to harness the power of vast server farms. It also provides more efficiency and flexibility, allowing businesses to add new users or rent processing power by the hour.
Google, Amazon, Microsoft and others now provide a full range of services for millions of companies of all sizes. Business is booming and the cloud is expanding.
Cloud services also provide greater security in some areas. Updates and patches can be rolled out quickly to applications running in the cloud, eliminating the need to laboriously patch individual computers. Storing data in the cloud also means that the search, seizure or theft of a mobile device is less likely to compromise personal information or intellectual property. But these benefits come with trade-offs, and the main one is lack of control.
For all the borderless connotations of the cloud, the reality is that these services run on servers that sit inside national borders. Major western cloud services operate in a well-developed commercial and regulatory market, and tend to have a higher level of security from hacking, compared to an individual user’s computer. Services in countries with little or no relevant regulation mean a customer has fewer options for legal recourse should things go awry.
Many CEOs do not know, or have not thought to ask, in which legal jurisdiction their data resides, or who has access to the data. The aerospace company BAE said in 2011 it would not use public cloud-based services because the provisions of the US Patriot Act would permit authorities access to BAE’s data.
For companies, the primary risks relate to data protection, and this can be reduced by prudent selection of cloud providers. For individuals, the main risk is loss of access to data, and this can be mitigated by using the cloud as a secondary backup.
Cost and efficiency, however, still trump security, and that is unlikely to change. No Chief Information Officer will last long if they reject efficiency savings from cloud services, just because security cannot be guaranteed. The cloud is expanding and is here to stay, but users should remember that these clouds have borders.