How To Solve The Biggest Problems With The Cloud
[date-stamp]Adoption of cloud-based services is on the rise, but with new types of services comes new problems. What are the biggest problems with the cloud, and how can they be solved?
One of the first things we think about when it comes to problems in the cloud is security. How can we know that someone isn't accessing our accounts and steals the information we put into cloud-based systems? This is an issue that is given major focus in the software industry, and one of the solutions is two-factor authentication. This means that it is not enough for someone to guess your password; a one-time passcode must also be entered.
The most well-known example of a two-factor authentication system is Google's Authenticator. This can be used to secure your Google account and any other account system that uses Google Authenticator. Google Authenticator is an app that installs on your smartphone and generates time-based, one-time passwords. This adds a significantly increased level of security to your account because not only is a password required, but the smartphone where Google Authenticator is installed as well.
Services as different as Gmail, Battle.net and Dropbox all support two-factor authentication, and more services are planning to add support for it. There are other solutions available other than Google Authenticator, but they all work more or less the same way. Even the login system for internet banking in Norway (BankID) uses a two-factor authentication system, which shows how safe this is to secure user accounts.
So look for ways to enable two-factor authentication for all your user accounts in cloud-based services, be it Twitter or SalesForce. LifeHacker has created a handy list of applications where you should enable two-factor authentication; this is a good starting point for securing your cloud presence.
Another security threat is the NSA (National Security Authority). It is appalling how they have circumvented security policies and accessed data from the major software companies like Google and Microsoft. Google has actually spent a fair amount of time and effort to protect their users' data, so they were none too pleased when the NSA scandal came out late last year. What will happen, and this has already started, is that the software companies where the NSA have accessed data will put more security measures in place to try to put an end to this - or at least make it as difficult as possible to break into their systems.
Another thing that will happen is that people will leave US-based services and move to European or Asian services instead. A Norwegian cloud storage service named JottaCloud offered a privacy guarantee on their blog last year, and they have attracted good number of new customers since. When selecting a cloud application, check where they have their servers located.
Loss of control and data ownership
Having all your company data stored on servers in your basement feels safe. You know where the data is physically stored, and you personally know the people who are responsible for maintaining the servers and the data on them. However, having your own datacenter in the basement is both costly and manpower-intensive. You also need to deal with backup systems, UPS's, redundant internet connections and a lot more. So it feels safe, but only when you can afford having the required support systems around your datacenter.
It is clearly more efficient to pool a large number of servers together and share the costs for running and maintaining the servers. This has fuelled the drive for IaaS (Infrastructure-as-a-Service) and PaaS (Platform-as-a-Service) vendors. These two concepts were initially separate, but there are signs that they are merging. With IaaS, the datacenter vendor only supplies raw hardware; network, storage, compute resources and normally a virtualization solution. PaaS offers everything IaaS offers, plus deployment services, database solutions, message bus technology, and so on. Good examples of IaaS and PaaS companies are Cloud Foundry, Google App Engine and Amazon Web Services.
Some big companies, like Facebook, build and operate their own datacenters. Other big companies, like Netflix and Dropbox, use Amazon Web Services to power their software. So when a company chooses to use Dropbox as their company file server, the data is actually stored in a datacenter operated by Amazon.
So who owns the data you upload to Dropbox? Their terms of service clearly state that you retain full ownership of your data. Compare that with Facebook, which explicitly states that you do not own the data you upload to Facebook - which is pretty scary! Reading terms of service texts is dull and boring, but reading them (or googling for someone else who has reviewed them) is necessary in order to know the legal basis of storing information in a cloud service like Dropbox. Over time, we can only hope that services that take ownership of their users' data go belly-up and disappear, but until that happens I strongly advise you to do a thorough review of the terms of service for any cloud application you use.
When moving from on-site software to cloud software, you do (to a certain degree) lose control of where your data is physically located. I say "to a certain degree" because you can check where the datacenters used by a cloud service are, but the data is certainly not in your basement anymore. If this freaks you out, you should not move to cloud services. It does not freak me out, but I always check where the datacenters are before using a new cloud service. If the servers are in North Korea or any other weird place, I stay away.
Ok, this problem existed before the cloud, but with a multitude of cloud services and different logins to each of them: how do you manage all this and remember all the usernames and passwords? There are basically two ways to manage the plethora of login information. The first one is to use a password management service like PassPack, where you can store the login information for the services you use. You can store up to 100 usernames and passwords in PassPack for free, and that is enough for most of us.
The other way to manage this is to try to use the same login system for several services. For instance, many services allows the use of Google logins. So you can use your Google login to access your email and your CRM system, for example. By adding two-factor authentication to your Google login, you get two-factor authentication for all services where you use your Google account. So when combined with two-factor authentication, this is a fairly secure way to solve the problem, and it results in fewer usernames and passwords to remember as well. You should not use this second approach with login services that do not support two-factor authentication however.
One of the biggest problems with old, on-site software (not cloud applications) is that they have locked-in the data in silos, and these silos do not talk with each other that easily. Connecting data from different applications allows companies to look for trends and to get additional insights into their data. But getting such a system in place with old, on-site software is challenging, and normally requires a lot of consultants and money.
Cloud applications can also be silos, but by nature they're easier to get them to talk to each other. Most cloud services have a decent API, and there are many companies that provide "bridges" between cloud services. One example is Collabspot , which ties together Gmail and SugarCRM. Many cloud services also have their own marketplaces with add-ons and extensions which add additional functionality to their cloud services by tying them together with other cloud services. Atlassian is a good example; their Atlassian Marketplace contains a lot of useful add-ons and extensions to their products.
Breaking down the silos is therefore a lot easier and cheaper with cloud services than with traditional on-site software, but it is still possible for a cloud service to be a silo. So looking for services that integrate with the cloud services you are using or considering to use is a smart move in order to avoid locking your data into a silo. If the service doesn’t play well with others, find a different cloud service to use.
The cloud is not a silver bullet that solves all our problems. It comes with a new set of problems, but these can be addressed, as discussed above. It also comes with a new set of possibilities, which can be used to take you and your company forward - and this is why they're increasingly popular :-)