These days, my mailbox is often inundated with emails from cloud providers (and startups) vying for an opportunity for coverage. This is hardly surprising, given the intense interest - and competition, in storing data in the cloud. To their credit, many of these cloud vendors are coming forward with robust and even unique offerings that provide genuine value to SMBs and SOHOs.
It is not wise, however, to make decisions solely based on the marketing claims of those trying to sell you their products. To balance the debate on the relative merits of storing data in the cloud, I've listed some infrequently mentioned facts on this topic.
After using computers for a few years, most users would have put together a veritable assemblage of USB flash drives, portable disk drives, memory cards and laptops cluttered with work and personal files. Properly maintaining and wiping data that is no longer required is time-consuming work, and a legitimate concern is that any cleanup process could result in important data being accidentally deleted. Given that storage is cheap, the inevitable decision is to keep all data - generally not a problem given that the storage devices are in the physical possession of the company.
Now try to imagine this scenario repeated with multiple cloud storage providers, however, and the situation turns out quite differently. Moreover, it is next to impossible to preempt cloud storage providers who may abruptly go out of business one day, be less than judicious about your data security, or simply do a poor job of discarding obsolete storage disks.
Encrypting data before uploading to the cloud will negate this particular problem. Yet given continuous improvements to processor speeds and the potential discovery of weaknesses in cryptographic implementations over time, I think it would be a far better proposition that even encrypted data be kept completely inaccessible.
Brute force attacks
Cloud storage vendors typically make use of a static password to authenticate legitimate users. While many of them implement basic rules to prevent users from setting passwords that are too simple or too short, these static passwords are nevertheless susceptible to brute force attacks. What's probably even scarier is that no cloud storage providers that I know will warn me upon detection of repeated attempts to guess my password.
Dubious legal jurisdiction
We all know about the legal nightmare that can result from data stored in countries with a different legal framework from that of a business. I recently came across a cloud storage provider that is proudly advertising multiple backups of uploaded data at various geographical locations - potentially placing a brand new twist to this dilemma.
Cloud storage should be treated as a single backup
Despite the redundancies and multiple copies of data stored at different locations as being par for the course with the typical cloud storage providers these days, businesses should never make the mistake of treating it as anything more than a single backup instance. We only have to look to how a buggy software driver interfered with Google Gmail early last year, as well as the demise of MegaUpload to understand the rationale behind this point. In a nutshell, all important data should at minimum be mirrored on up-to-date local disks.
Do you have any more to add to this list? Feel free to chime in at the comments section below.