Thursday, October 24, 2013

There's a reason they call it "The Cloud"

Image credit: flickr/Jackie Tranter
Over on IT WorldDan Tynan tells the story of how his cloud storage on box.com was deleted. By a stranger. With no notification to him.

The short version is that box.com allows enterprise customers to "roll in" accounts of their employees or "external collaborators". This allows the company to manage them all and (apparently) adds additional functionality to the accounts.

Some six months prior to his account deletion, Tynan's account was "rolled in" to a PR firm's account because of a single business exchange with the firm conducted by his wife via box.com. On this basis someone at the firm decided to put his account under their corporate umbrella.

Tynan received no notice of this action. Ever.

So long as the PR firm didn't do anything to affect his account Tynan had no idea anything had changed. Then someone at the PR firm was looking at the list of accounts and didn't recognize his wife's name. So they deleted the account.

Tynan received no notice of this action. His first indication of a problem was when he had no access to his account. Because it had been deleted.

This illustrates in vivid detail some of the hazards of relying on "the cloud" to store your data:

  • You have to trust a third party to safeguard your data. This might work with banks and safety deposit boxes, but cloud-based "boxes" are nothing like that.
  • You are at the mercy of a third party's terms of service. By this account, box.com followed its processes. Its system worked as designed. I am sure buried somewhere the the terms everyone blindly clicks the "Accept" button on was some mention of this "convenience feature".
  • You have to trust a third party will notify you of adverse actions affecting your data.

There are plenty of others.

The bottom line is that you have to trust a third party to protect the data you want to keep safe. Do you really think trusting data in the cloud is safe?

Personally, I use the cloud only to share non-sensitive data (mainly photos) between devices. But all of that data is stored permanently on devices I own.

Oh, and Tynan's story had a happy ending. Once customer support failed to help him he pulled the journalist card and suddenly box.com paid attention. His data was restored.

What card do you have to play when something similar happens to you?

[Link]
Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)