Rodney M Bliss

Staying Out Of The Clouds

20130610-001553.jpgThey are some of the biggest names in the tech world:

– Microsoft
– Yahoo
– Google
– Facebook
– PalTalk
– AOL
– Skype
– YouTube
– Apple

The fact that you don’t have to be a “techy” to recognize them shows just how well known they are. Many of them, Apple, Microsoft, Yahoo and Google offer Cloud Services. You’ve probably heard people talk about “The Cloud.” I know my IT friends understand it, but some readers might be a little “cloudy” on the exact definition. (Okay, that was a completely unnecessary pun.)

“The Cloud” is very much like saying “The Internet.” Well, why don’t you just call it the Internet, you might ask. The difference is that when you put something into “The Cloud” only your company can get to it. Many backup companies, for example were quick to embrace The Cloud, since it allows them to backup your data to remote servers. It’s encrypted so that only you can get access to it.

Most consumer email was in “The Cloud” before there was a Cloud. Hotmail, AOL, CompuServe, and now gmail, Yahoo, and just about any other free service lives in The Cloud. And it’s great. It allows you to access your email from any device, and anywhere, and it’s typically free.

And from a technology standpoint, The Cloud is a great option. You don’t have to buy and maintain computers. If your building burns down, you can still get your data. The vendors will explain how your data is actually safer in their care than if you tried to build your own datacenter. And you are the only one who can access your data. It’s great, so why wouldn’t I embrace it for our corporate email?

Fear.

It’s not a popular thing to admit, but as manager over the email system for a large non-profit, I was afraid of The Cloud. Occasionally, I’d get requests from our legal team to make email for a particular user or a group of users available to law enforcement. Typically the people being monitored didn’t know they were being investigated. I rarely knew either the contents or the results of our Litigation Hold process.

But, I did know that every request I got was vetted by our legal team.

And that gets me back to Cloud Services. Sales calls from Cloud Vendors would typically go like this:

You need to let us keep your data. It’s safer. It’s cheaper. It will free up your team to do other work. So, can we schedule a demo for you?

Just answer one question, if the government came to you and said, “We want copies of their data. . and don’t tell the customer” would you have to turn over our data?

Ah. . .

But, Rodney just because the government CAN monitor your data doesn’t mean they will!

NSA Sucks in Data From Fifty Tech Companies
US Intelligence Mining Data from Nine US Internet Companies in Broad Secret Program

Those companies I listed above? They have all been identified as sharing data, sharing CUSTOMER data with law enforcement in the USA and Britain.

But, Rodney they might be collecting data, but they only target the bad guy’s data.
Officials: NSA mistakenly intercepted emails, phone calls of innocent Americans
NSA collects info on 3 billion phone calls each day

But, Rodney they might be collecting the data, but they wouldn’t target your organization.
IRS Didn’t Just Target Conservative Non-Profits

But, Rodney they’d tell you if they were investigating your organization.
Attorney General Eric Holder Signed Off on Search Journalist Email
(Normally, they have to inform journalists they are being investigated, but not if they are looking at email that has been opened.)

Our organization had been targeted by federal and state governments in years past. We try to be non-political, but as a conservative organization, politics sometimes found us despite our best efforts.

I’m not some Luddite, and neither should you be. The cloud provides many, many benefits to organizations, including ours. My mother asked me if she should upgrade her 10 person CPA firm to a Cloud based email provider. Probably. She’s not an IT company. It’s very expensive for her to maintain her own email server. But, just be aware of what you getting into.

We moved the email for our 60,000 volunteers to The Cloud. Our email spam filter was a hybrid of local and Cloud Services. But our key data and the email for our employees and especially executives stayed in our own data center, under our control.

I also know that keeping our data inside our own datacenter is no guarantee of privacy. We have to use an Internet Service Provider to sent and receive email from outside our organization. It would be possible for government agencies to “tap” our incoming and outgoing email either from our ISP, or from our SPAM filter company. However, if Executive A sends email to Executive B and they are both inside the firewall, their information was reasonably difficult for a government agency to access without our knowledge.

And it’s not even that we had anything to hide. In my years at that and other companies, I’ve never once seen my employer refuse to respond to a legal request. We just wanted to know that someone was looking.

In hindsight, I wish I hadn’t been right about the potential privacy issues. I can’t really claim that I knew it would happen. I only knew it could happen and viewed my role as mitigating that risk as much as possible.

Each year when I submitted my budget, I had to explain to management why we still maintained our own email servers. How come we hadn’t gone to The Cloud?

I tried to help them see my fear.

Exit mobile version