Slashdot Mirror
Google Asks 'Who Cares Where Your Data Is?'
mask.of.sanity writes "The chief security officer for Google Apps, Eran Feigenbaum, said popular concerns over data sovereignty in outsourced environments are unwarranted. He said businesses should worry about security and privacy of data, rather than where it is stored. The comments clash with those made by IT pros including Gartner, who said cloud providers like Google can't be trusted with sensitive data."
If the data is sensitive, you should be encrypting it anyway before passing it along to a third party thatr has no business looking at it. If the data isn't sensitive enough to encrypt, why do you care where Google keeps it?
http://xkcd.com/908/
I'm sorry, but on the trust scale, Google, who has yet to lie to me, wins big over Gartner, who lies through their teeth every time they review a product. I still recall Gartner recommending WinME. 'Nuff said there....
Just because you're paranoid doesn't mean they aren't out to get you
I know where your data is. I know it's located in a few data centers. I can kill those data centers and your business is dead.
Yes the cloud is 'mostly ok' if used for non-critical fluff and some processing power but I'd never trust google as far as I could throw a federal pig.
When I can store data on disparate servers in such a manner that it's cryptographically secure, the complete and utter destruction of any two cloud providers will not effect me I'll consider them for slightly more use.
Obviously, it is Feigenbaum's job to exude nonsense where required; but the notion that worrying about where something is stored isn't part of(much less opposed to) "worry[ing] about security and privacy of data" is transparent absurdity.
Where data are, in part, determines what laws(and de-facto uses and abuses of power) they are subject to or subject to the protection of. In a number of cases(including the not-exactly-economically-insignificant case of EU businesses working with American cloud entities...) it might even turn out that storing certain sorts of data in some jurisdictions means that a given entity is in violation of data protection laws at home because the data protection laws are insufficiently strong where they are storing data.
Things like whether or not you are getting hacked by lulzsec are, of course, also important; but(until Google transforms itself into a cypherpunk utopia or sprouts a formidable nuclear deterrent), location is right up there with hackers in determining how likely your data are to be absconded with against your wishes. And(unlike hackers) you can't really code your way past the feds...
If you're worried about the privacy of data, then storing it with the world's largest data mining and advertising company isn't a good first step.
I don't think the Google exec is listening to himself. If I am concerned with the security and privacy of my data then where it is stored and who has access to it are going to be pretty close to the top of the list of thing to be concerned about. Google still might be an ok place for it, but exec's saying things like this make me more than a little uneasy.
I didn't hear anything about Sony having their data outsourced. It didn't seem to do any good to keep sensitive data on their own servers. I think the lesson here is that all data on any networked device is at risk.
...does impact on security (real and perceived, which impacts on trust).
One can say that it is more important to trust the provider of the data storage than to trust the location. What makes any particular location untrustworthy if not the security that one can bring to bear? One provider may simply not be able to be as disciplined with their security protocols than another, while being in an area that is deemed to be more secure...like comparing Palo Alto and Namibia.
For every present, there is a past
I agree, the primary concern should be data sovereignty. However, if one ignores where it is kept, and how and by whom, whether in house or outsourced, they are not doing their due diligence.
We've all seen companies with data kept "in house" that was raided in recent years. And unless one can be sure about the outsourced employees allowed in/near/at their data, they can't be trusted either.
Why should we be concerned only with security/privacy of data OR the actual location of the storage? Can't we care about both?
Split each byte of data up and store parts on 10-15 different clouds. That way you have redundancy (if several clouds go down you still have enough data from the others to reconstruct your data) and security (if an attacker compromises any cloud they won't be able to get your data).
Given the number of breaches (most unreported ones by employees and former employees), it seems that hosting it elsewhere is the least of our problems. In fact, if done right, it's likely that it's more secure elsewhere because that makes it harder for the number 1 breacher (employees) to get to it.
Yeah, yeah, I know, we are supposed to ignore what actually happens and instead focus on targeted corporate breaches like anyone really cares what we do for a living.
Learn to love Alaska
If it is encrypted data which is being stored there should be no problem with it. The problem lies in that Google has access to raw unencrypted data.
I'm not comfortable keeping data entrusted to me on a provider who can walk away from a data loss with no penalties due to the Terms of Service.
At least when it's on my systems, someone is going to take a fall for data loss, even if it's me. And I'm OK with that.
"My God...it's full of trolls!"
How much are they willing to compensate me if they lose my data? What, they won't? Don't trust themselves?
for la-de-da things yea who cares, when your trying to get stuff done and you cant cause your document is on the cloud, which is experiencing outages, or your internet just shat on itself then yea I care where my durn spreadsheet is when someone is breathing down my neck asking for a shipping update from Indonesia
"He said businesses should worry about security and privacy of data, rather than where it is stored." -- but those aren't separate concepts. Should I worry about security if my data is located at Sony corp? Or privacy if my data is on Facebook? security and privacy is very much a function of "where", and of: "who buys out the company next". The only where where one might have some sense of security or privacy is on a drive that you control.
The US has already proved it will do whatever it wants, unwarranted, in the name of Intellectual Property Protection. What's to stop another country from doing the same thing for any number of warrant-less reasons and never giving the data back?
When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
If that's the case why doesn't Google store its data with Amazon or Microsoft? I'm sure both Amazon and Microsoft will give Google a deal on data storage.
I care about the location of my data, because not having it local means that it has to travel over severely bandwidth constrained connections. We don't yet live in a world where everyone has 10-GigE connectivity, so having data reside locally means faster read/write. That seems to be important to people, or they wouldn't be buying SSDs and using RAID0. My 15/2 connection (which is really 1/1 during most of the day) makes network data about as fast as accessing a floppy disk.
First, it may actually be a legal requirement keeping the date in a certain jurisdiction. And second, any law enforcement or TLA access to the data will be governed by the laws of the place the date is physically stored. If the Google people do not understand that, one more reason to not hand your data to them.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
I think a few people who might care would be things like the US Government when it comes to export laws. The governments of various EU countries with data protection laws, etc.
I care because I'm Canadian. If I keep my data up here it's not subjected to the almighty Patriot Act. Case Closed.
google = skynet
Its not about securing data. Its not even about Google mis-using demographics.
Its about privacy and business value.
Most businesses are valued based on their assets, stock on hand and good will. Good will is a measure of the number of customers who continue to use the business regularly.
Good will is typically measured by looking at the CRMs and counting the number of client files that are active. Take that away, and you can no longer measure good will.
So, why does Cloud computing threaten good will? I'm glad you asked. Many consumers continue to conduct business with a particular company because 'they have my records'. Its not some kind of corporate blackmail. Its easy for the customer to continue to do business with the people that know them. This customer knowledge is held in corporate CRMs.
As soon as it becomes widely known that all CRM data is in the Cloud, there will be a gradual transition (thanks to FOI laws) of the ownership of the data moving back to the individuals instead of residing with the companies. Microsoft's HealthVault is case in point. When my medical records are owned by ME instead of owned by my doctor, I can choose to get healthcare anywhere.
There are great arguments in favour of the concept. Client service will improve out of sight when it is the yardstick for comparing companies (instead of possession of CRM data). However, show me one businessman who is prepared to give his goodwill into Google's custody, and I'll show you a big risk-taker.
Host it yourself.
Depending on what your line of business is, this may not be feasible. If you're a startup that's begging for capital, well, beggars can't be choosers.
OTOH, if you're just having a site hosted that has no real sensitivity to it, what does it matter? Put it in a cheap cloud hosting service and be done with it.
Non impediti ratione cogitationus.
Googles example of an intraoffice message being routed around the world is a classic strawman argument. It's not the individual intraoffice messages that might bounce outside the data centre (possible due to a .forward on an individual account) that worries me. That's a needle in a haystack (although the searching algs are getting much better). It is the fact that the entire storage of read and unread (i.e. webmail,imap) ends up on a server that may be in a different legal jurisdiction (and for my University, it is a different legal jurisdiction). Or, if you adopt google docs, all of your documents are stored in google's servers (and without encryption to boot!!). One US court subpoena, warrant or NSL, and all your data is vacuumed. Even though some recent cases have strengthened the notification requirement, you have to fight the subpoena or warrant in a US court under US law.
If you are just using google as a disk drive, then you can encrypt your data, but if you are actually using the google services, forget it.
Atlas stands on the earth and carries the celestial sphere on his shoulders.
YOU
Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
*sigh*. Okay. I thought it was obvious why this "story" is not quality discussion material, but I'll explain.
The article is presented as if its subject is Eran Feigenbaum's claim that "Professionals should worry about security and privacy of data, rather than where it is stored." But instead the article is a potpourri of quotations and facts unrelated to the main problem with the claim, which the article totally ignores. Any article on the subject of this claim needs to in some way establish that security and privacy can make location irrelevant, and I would expect the supporting statements of the article to do this, but nothing in the story even approaches this basic aspect of the claim. Instead, it is filled with a number of superficially-seemingly-related-but-ultimately-off-topic anecdotes.
After presenting Feigenbaum's main claim, the article presents a "supporting argument" by Feigenbaum: "He cited a meeting in Europe where he had tracked an email sent within an office as it bounced through five countries. In this circumstance, Feigenbaum said, security trumps data sovereignty." So email currently goes through a lot of countries when it is sent from one person in an office to another, where it is likely in plain text and can be read by any number of corporate and government entities. The only way this could possibly be construed as supportive of Feigenbaum's point is if read as "Email currently goes through many nations and it is secure enough". If read with any understanding of how the email system works, it undermines Feigenbaum's point.
Then the article has Michael Cloppert "support" the argument with the same type of claim: "I'm not convinced that the data location issue is a problem - after all, packets are routinely routed around the world irrespective of the export status of their content". Again, the argument is "this is what we're doing now, therefore it is secure enough". Actual security of information going through various nations is not addressed.
Then it presents the "other side" of the argument: There is no way you can know how Google is handling your data even though they assure you they are doing it well. And their contracts have lots of language that could excuse them from legal liability if that is not the case.
Then we go back the argument supporting Feigenbaum's main point. "He said customer data can only be accessed on a need-to-know basis". This does not support 5he argument that privacy and security make location irrelevant. "[L]ess than two per cent of Google staff had entered its top secret data centres". This does not support the argument that privacy and security make location irrelevant. "Google also stamped each hard drive with unique barcodes that allowed the company to track the lifecycle of data stored on each disk." This does not support the argument that privacy and security make location irrelevant.
Then we are presented with this: "But it did not encrypt data at rest, and had no immediate plans to introduce the protection." This makes it sound like location is very important to security and privacy--that someone could entire a facility by force and read the data.
The article acheives nothing other than quoting a single-sentence, questionable claim. It presents the claim, then a number of partially related statements that are presented as "discussion" of the claim but that actually have very little to do with it. I wouldn't be surprised if the article twists what Feigenbaum actually said for sensationalistic purposes.
This article represents the worst type of "journalism".
I want my data stored in Google's new datacenter in Kazakhstan.
From the time that they knew what the Internet was, I've tried to impress one rule upon their minds, "never put anything on the Internet that you're not willing to see on the front page of the newspaper."
That goes for email, "the cloud", discussion forums, blogs, etc. While various courts disagree with me, I don't think that there is any reasonable expectation of privacy in any communication sent over the Internet. IP packets are like handing a postcard to a stranger who happens to be traveling from Orange County to Las Vegas. In Las Vegas, the postcard gets handed off to someone else that happens to be traveling to Aspen, Colorado where it ends up in the hands of someone traveling to St. Louis. In St. Louis, a kind stranger picks it up and carries it as far as Chicago where yet another person picks it up and carries it to Cleveland. In Cleveland, someone carries it to NYC. And the postcard just sort of sits in NYC until someone headed to the a particular neighborhood notices that the address is close to home, picks it up and carries it to the mailbox.
If someone wants to send a "private" message in such a situation, the need for encryption is obvious.
So, yes, one should be wary about storing sensitive information in the cloud and where it resides in the cloud is mostly irrelevant. Even if the data center is in the most secure of locations, to get there the packets had to travel through all sorts of insecure locations.
The EU can't allow their stuff to be hosted in the US where unwarranted and secretive searches are the norm. The US won't allow their stuff to be hosted in the EU because they can't trust the individual states to do the same to them.
The only solution is client-side encryption where Google etc. hosts only encrypted data and can't have access to the keys. There are projects that are working on this but this means the 'cloud' won't be hosting everything but a more hybrid approach is necessary.
Custom electronics and digital signage for your business: www.evcircuits.com
Form 637:
Just the first hit I got off Google.
Until we have one world government, differing laws on data privacy mean you have added considerable complexity for the savings of using their cloud. Maybe it is a worthwhile trade-off, maybe not. But he is silly making such a blanket statement. If you work for a company that contracts with the US Government you may be aware of ITAR and the various rules about where data can be stored.
In general, to me, the cost savings is far over shadowed by the increased risk. Even if you mitigate the risk by doing your homework and picking a state with laws that you agree with...you've just spent quite some time and money on that research.
Blar.
1. If it's sensitive then it shouldn't be on the internet in any manner including hosting. 2. Knowing your legal rights is relevant, and that requires knowing where your data is hosted. If beach pictures of your wife violate Iranian law then they shouldn't be hosted in Iran. 3. Known risks. If you work for a European aircraft builder and you're trying to beat out a major American aircraft builder for a large contract then you best not host your trade secrets in the USA.
This guy's got to be kidding me. Upton Sinclair said it best: "It is difficult to get a man to understand something, when his salary depends upon his not understanding it."
Support NRA, America's oldest civil rights group.
Dude, you could've just said ,"OK, I'll store all your data over a fault, near a volcano, in a tsunami prone coastal town, in a country run by a government that has no concept of privacy or property rights BUT it'll be encrypted. No one will have a problem with that, right?"
Of course it matters... a lot. Google has yet to establish itself as a trusted entity, and with possible ties to the government, it just makes it that much easier for big brother to snoop on your data. Imagine that - all the government has to do now is make copies of your virtual machines (files) and they have everything they want. Look what happened to Amazon recently. As the CSO of a large Fortune 500, I don't trust any cloud provider.
Maybe he should ask Citigroup credit card holders?
The comments clash with those made by IT pros including Gartner, who said "cloud providers like Google can't be trusted with sensitive data."
I wouldn't say they 'clash.' I'd say they show an attitude that serves as evidence of such assertions.
Case proven: the person writing the summary is either a corrupt liar or so stupid/unqualified they should be reassigned.
Somewhere, somehow, there may are people who think Gartner has something to legtimate and useful to say about weird corner of IT
(and who are not getting a kickback) but I doubt it. Gartner? Gartner?? Gartner??? IT? On what possible alternate-universe?
,,,how banks work. Where the data is stored has a lot to do with how much (or little) legal maneuvering is required to gain access to customer financial data.
-- "In order to have power, I must be taken seriously." -Mojo Jojo
The main concerns about data location and sovereignty ARE privacy and security. These two viewpoints aren't opposed. Sure, worrying about the location of your data //for its own sake// is silly. The big reason people worry about where their data is is WITH WHOM it is: whether they can be trusted not to snoop it, sell it, carelessly lose it, or cave to a subpoena or DMCA takedown. That's the whole point.
I think I'll trust the Google's opinion about the safety/security/availability of "The Cloud!" when one of two things happens:
1) Google turns out the lights in all their data centers and moves their entire operation into someone else's cloud service.
Or
2) Google is willing to trust their entire existence to the integrity of their cloud service. This means that Sergey, Eric, Larry, and all their employees turn over stock ownership. They hand over the keys to the buildings, the data centers, the networks, the IP, the airplanes, everything the very first time one of their staff sees a bit of data that belongs to a customer.
i do care about that KVM Switch
/me raises hand
But it is nice that Who cares, even if I thought David Tennant was a better Doctor.
I keep all my data in Geocities. No worries!
It's pretty amazing to see how many people have been so easily suckered by Googles "do no evil" and we're "open" song and dance. Their services are not reliable and they are not secure. Plus they monetize your business and personal information. It's their business model. if your not paying for something its because you are the product.
'Who Cares Where Your Data Is?'
Seems like Google cares a great deal about where my data is. Maybe I should care too.
This obvious BS! Once the data leaves your computer/network, you lose all control of it, and there is no security possible! That is why my data stays on my computer! Best privacy policy: NEVER EVER ENTRUST YOUR DATA TO ANYONE BUT YOURSELF!!
Concerning stored data, one way or another, one or more of these requirements comes into play: "confidentiality, integrity, availability", or sometimes "authenticity" If you are seeking 'proof' of any one of these concepts regarding the data, at any of the varying stages of consideration, how can you, or your service provider, prove it if there is a question of "where" the data resides?
cjacobs001
Attacks are much easier when they have physical access to your data. I have no guarantee Google can or will keep my data safe.
- I've got bad karma because I won't parrot everyone else's opinion
Putting data online in ANY situation is the responsibility of THAT person, NOT of the people hosting the data. The host need only provide as much security as it can to circumvent inappropriate access to that data but if you're stupid enough to expose sensitive data in a public environment then I believe you deserve what you get!
Sensitive data CAN be transmitted through the public internet as needed, but stored there? Come on, only morons do that!
Being responsible for data is like being responsible for a child, you expose it to things that are APPROPRIATE for the data and shield it from the rest!
In the end, WHERE your data is hosted is irrelevant. Your data is probably being indexed by thousands of robots, cached in people's browsers, shit, your data could exist in thousands of places you've never even thought imagined! Get over it man!
http://www.gibby.net.au
As it does become costlier to 'keep all data', regarding business data, when using a data or document 'classification' method which identifies data that poses greater risks for the organization, regulatory and\or legal, or in unnecessary costs, once the data can be moved from 'riskiest' to 'least risky', maybe then it becomes acceptable to introduce the 'unknown' of 'where' the data is located, (if you keep it, at all), but surely not while the data is classified as 'risky'.
cjacobs001
I guarantee Google chiefs and executives care where their data is when they get served DOJ subpoenas.
I outright refuse to store any of my data with third parties, but it's not for any of the usual reasons. It's for the right reasons. My data isn't my data; my data is my clients' data. Things happen. Things happen to my systems, and things happen to third party systems. My clients understand and even expect that. The difference, though, is what happens next.
When my systems fail, my clients expect me to solve the problem. So I they call, they complain, I reassure them that I'm working on it, and that I have everything I need to resolve the issue, and that it'll take whatever time I estimate. They feel reassured. Then I finish, it works, they are happy. Their supplier dealt with a problem expediently, which gives them added confidence that I'll be able to do the same next time. My clients don't worry about going down occasionally. They worry about not being able to come back up.
When third party systems fail, my clients would call me, and expect me to solve the problem. Theyd complain. I'd not be able to reassure them at all. I'd sit there and say "my supplier is working on it. I don't know when they'll be done. I don't know if any data is lost. I don't know what's going to happen. I'm just waiting, same as you". That's not reassuring at all. Especially since my clients are paying me, directly, and here I am doing nothing to solve their problem. And they can't call my supplier, who won't even talk to them.
That's the problem. No one ever wants to be in a situation where they pay a supplier who isn't able to solve problems. That's the typical consumer scenario. Businesses don't like to be treated like consumers.
So I don't. I use my own systems, all within my control. And I use suppliers that offer me dedicated assistance in solving problems so I'm not alone in solving them. But that's very different than hoping they'll solve it without me.
LOL...if you worked for any other company than google and they were holding your data you would definitely want to know where the hell it is!
And no..I did not read all of the previous posts...have too little time in my life to read all that
Sorry folks.
businesses should worry about security and privacy of data, rather than where it is stored.
But the place your data is stored is directly relevant to its security and privacy...
"What sane person could live in this world and not be crazy?"
Good My Post
http://master-1st.blogspot.com/
..doesnt mean no information can be extracted from it, just by watching the shear volume of data you could make some conclusive observations about a company.
It is the same as watching the number of parcels/physical mail coming in and out of a company. Just because you can't see what is in the parcels doesnt mean that there isnt anything going on. For stock traders this is a wealth of information.
It is a question I have always asked, is google using all its collected information to predict stock markets? That would be a very gray line to massive insider trading.
my 2c
As an international company, we have to be very careful of where our data goes. If we were to move to the cloud, and that data was to be moved to, oh, say, China, we'd have several uncomfortable questions to answer about how it got there. Doesn't matter how encrypted or secured it is, some things just can't leave the country without reams of paperwork, and data is no exception to that rule.
. . . you don't have security.
Period.
First of all, the argument "it's encrypted" is only valid if YOU are the person encrypting it. Otherwise the protection simple isn't there.
Secondly, there are laws governing data and data management, and they get pretty firm when it comes to private data. It is extremely important to know under which legislation data is hosted because the rules differ per legislation. A classic example: if I store UK data in a facility that can be accessed via another country (say, the US where the magic word "terrorist" opens any container) and that data gets used, *I* am liable, but not in control.
Companies are bullshitted left, right and center with these cloud services, and if Eran Feigenbaum is willing to make such statements in public it indicates to me that he either has no interest in the laws his customers have to follow, is willfully misleading them - or shouldn't be a chief security officer.
Insert
RMS cares.
Ok, it sounds like a suit-bot saying, but it actually has a real, specific meaning.
Companies should figure out what it is that makes their company unique and specific, and spend money making sure that core competency is maintained. Anything else is a candidate for outsourcing.
On a personal level, we do it all the time! I am, at best, a modest mechanic - anything much more complicated than a battery or alternator stymies me - so I have my car worked on by my mechanic. I'm not much of a doctor, anything beyond "diabetes" or "hematoma" makes me dizzy, so when there are medical questions, I consult my doctor.
But I don't hire people to fix my computer - that falls well within my lines as a tech professional, so my routers are set up sensibly and my personal computer and important data is all redundantly backed up.
If a company makes computers, it's a dumb move to outsource making computers, because that's giving up their core competence and their company ceases to have a reason for existing!
But a car manufacturing company could do well reducing costs by outsourcing their email to a 3rd party vendor, so long as adequate SLAs exist.
Ask yourself: how many average, ordinary people back up their own computer? Do you really want that average, ordinary guy (who never backs up) in charge of keeping your medical records safe and backed up?
Even with all the risks that outsourcing represents, in many (most?) cases, the data is safer with a 3rd party.
I have no problem with your religion until you decide it's reason to deprive others of the truth.
That he pulls in references you find questionable doesn't mean he doesn't have a point. I'm OK-ish with Google as a search engine (although I use StartPage to stop them from grabbing my personal data), but I work with far too sensitive data to allow ANY of those fuzzy cloud services to get their hands on it.
The statement from their Chief Security Officer tells me they haven't quite arrived yet at a view about protecting my information I would be remotely comfortable with - as a matter of fact, what he states is IMHO misleading.
Their business model is to get me to give up my intellectual property for their own use (see chapter 11 in their ToS) and that just ain't gonna happen...
Insert
"rather than where THEY are stored"? Data are plural after all. And shame on the rest of the posters who made the same error. ITT: plurality fail.
Korma: Good
Allow me to quote here from the Google Terms of Service which govern every activity and interaction you have with Google. Fun to read if you have any Data Protection of HIPAA responsibilities. If you need it in another language, do to the relevant google (i.e. google.de) and use the same /accounts/tos link.
The conclusion you should draw from this is to never, ever use Google for ANYTHING that involved intellectual property or cannot handle disclosure. The 11.1 clause looks OK, but 11.2 is formulated so vague it applies to anyone, even their window cleaners.
Here goes:
11.1 You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services. By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services. This license is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services.
11.2 You agree that this license includes a right for Google to make such Content available to other companies, organizations or individuals with whom Google has relationships for the provision of syndicated services, and to use such Content in connection with the provision of those services.
11.3 You understand that Google, in performing the required technical steps to provide the Services to our users, may (a) transmit or distribute your Content over various public networks and in various media; and (b) make such changes to your Content as are necessary to conform and adapt that Content to the technical requirements of connecting networks, devices, services or media. You agree that this license shall permit Google to take these actions.
11.4 You confirm and warrant to Google that you have all the rights, power and authority necessary to grant the above license.
If you use Google for any kind of data storage or communication after reading the above you deserve all the trouble it will bring. I'd even hesitate about using their search without an anonymiser such as startpage and even then you have to be careful with the results..
Insert
Forgot to add this.
Hosting any information in general with Google is interesting, given this extract from the Google's Terms of Service:
11.1 You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services. By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services. This license is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services.
11.2 You agree that this license includes a right for Google to make such Content available to other companies, organizations or individuals with whom Google has relationships for the provision of syndicated services, and to use such Content in connection with the provision of those services.
11.3 You understand that Google, in performing the required technical steps to provide the Services to our users, may (a) transmit or distribute your Content over various public networks and in various media; and (b) make such changes to your Content as are necessary to conform and adapt that Content to the technical requirements of connecting networks, devices, services or media. You agree that this license shall permit Google to take these actions.
11.4 You confirm and warrant to Google that you have all the rights, power and authority necessary to grant the above license.
It's worth reading these things..
Insert
Don't we all have the message the Gartner are not 'IT Pros' yet?
Sure they happen to be right in this instance but their long history of BS rules them out as 'IT Pros'.
but if (when) they mess up internally you can 'manage the problem' from a 'client perspective' and hold accountable those involved internally.
Try doing that with an external provider who don't really care if your not buying and a problem customer = a cost.
I'm working for a canadian based company and I do care about where my data is stored.
Patriot Act is a pretty good reason for me to think twice about storing my data in the US even if it is encrypted.
I was at a cloud talk last month and all the government and university people had the same concern and no one was suprised.
Wikileaks did some things that may or may not have been illegal in the United States. Wikileaks ability to do business and collect funds was taken down as it was 'in the cloud' and the provider was more worried about their own behind. The network connections were still up as the FCC and other regulators would go medieval on a provider who did this without just cause. This isn't the case for contracted services. An service that is 'unpopular' to a large entity can easily fall victim to this. For example in a large vs small company thing. Imagine Apple taking down thinksecret because they pressure thinksecret's provider threatening to eliminate any exisiting business with said provider. Same thing. It's why I have recommended to the ownership of our company that we do not outsource to the cloud. Instead I have recommended that we implement cloud-like technologies within our own network where it is still powerful.
I disagree, in this day and age, it's all about control, and therefore enforcement. Countries cannot control their data if it is not within their borders, as U.S. law has shown time and time again. It's simple. They know that and want storage within their borders to ensure the IPs and Datacenters are following their laws, not the laws of another country i.e. U.S. Not sure what is so hard about this concept.
F U C K g o o g l e
Now look at two more realistic cases: Encrypted data stored on a privately owned company network/cloud that is behind firewalls, malware detection, intrusion detection, etc. Your big worries are determined hacker or clueless/malicious employees. While the encrypted data might be moved around within the local network or over the WAN between offices, someone would still need good *timing* to intercept the encrypted data while it was in transit. Then they still have to deal with the encryption. The other option is encrypted data stored on a public cloud. The cloud hopefully has a similar amount of security measures as a private network, but who really knows? That's part of the problem. Essentially this option is very similar to the extreme of posting the encrypted data on the Internet. It's out there for anyone to download at any time. Which means there is a lot more opportunity for someone to download it and brute force it. Security is a matter of layers and statistics... The more layers you have the lower the chances are that you won't be hacked. No reason to reduce your odds simply because some cloud vendor wants your money.
--
Luck is just skill you didn't know you had.
Regarding "where the data is" discussion, it is contractors that collect and store data for govt security clearances. I wonder if they might outsource these databanks like they do for everything else. And if these will eventually end up in China or India. I haven't seen any reliable articles that would say otherwise or not. Or if this is a concern or not (but I sure hell like to know about this kind of outsourcing).
mfwright@batnet.com
http://tech.slashdot.org/comments.pl?sid=2225174&cid=36390518 Because it shows you for who & what you REALLY are, a Linux troll?? Absolutely. Caught red-handed, with your pants down troll, lol!
Google's point is somewhat valid. They are providing a service, which is data storage. If you trust them, then you don't need to worry about how they implement that service. The assumption would be that they are putting the data in a place that makes sense. Now, you don't have to trust Google, but that is essentially the argument. Furthermore, you have to admit that if it's not your core business, then you can't simply do everything yourself, including massively secure onsite data strorage. BTW, look how well Amazon is "trusted".
The playstation network actually got hacked and had its data stolen by hackers so its not un usual for massives company's completly messing up your private information. However you as the user must realise that you are handing over your private information to them and it is at your own risk that you do so. They can only promise to protect it with all there power and ensure they dont steal it themeself's but accidents can happen. You wont hand over your private details to your local shop because your afriad of it being miss used so maybe use that logic again to apply it in this scenario and realise that your valuable data is in somebody elses hands, and although company's such as google are safer then your local shop. You still must decide weather the online advantage with your data in the system is worth the risk....hmmmm
The the very best Web Designers
"The more layers you have the lower the chances are that you won't be hacked."
I assume this is a typo and more layers should increase your chances of not getting hacked.
Suppose your data was actually stored in a country that undergoes a civil war, and in the process, the powers that be disconnect the country from the internet for two or three weeks, eventually returning it. What would your business do? Stop dead in it's tracks, or switch to paper?
Leslie Satenstein Montreal Quebec Canada
Thank you. http://exercisesto-reducetummy.com/articles/abb-workouts/are-you-caught-up-in-a-cycle-of-fat-loss-fitness-confusion