Microsoft might want you to “Take it to the Cloud” but a whole lot of people are wishing they had stayed on the ground. The recent news that Dropbox accounts may be exposed, again, to attack should raise alarms for any IT manager considering cloud services. Security, though, is not the only issue facing cloud buyers.
Just a year ago, Dropbox introduced a bug that for four hours allowed users to log into other users’ accounts with any password. This time around Dropbox users weren’t nearly so exposed, complaining that their credentials were used to send spam. The company, which has about 50 million users, has brought in an outside team of experts to address the issue.
Ironically, though, many of those complaints are coming from users in Europe where the European Commission (EC) is looking at improving customers’ trust in cloud services. A new policy paper, expected out by the end of the summer, is due to recommend simplified contracts for cloud services.
“The complexity and uncertainty of the legal framework for cloud services providers means that they often issue complex contracts...or agreements with extensive disclaimers," the EC said in the paper, obtained by Reuters.
According to Reuters, regulators claim cloud vendors are not forthcoming enough about what they will do for the customers when a service is disrupted or data is stolen. “They have an attitude of take it, or leave it. You want it cheap then do it large-scale and we cannot tell you where the data goes," European Data Protection Supervisor Peter Hustinx told Reuters.
Such an attitude threatens the availability of enterprise resources. According to recent paper from IBM Research, most Infrastructure as a Service (IaaS) offerings today don’t provide enterprise architects with the necessary visibility into the physical network to optimize applications and workloads.
When engineers design applications within the enterprise, they align compute, network, storage, middleware and application resources to ensure that applications are resilient to hardware failures and performance bottlenecks. However, except for Amazon, most IaaS offerings provide enterprises with “cookie cutter” services where virtualized building blocks, such as VMs and storage volumes, are connected together into a virtual network. Customers often have no control over the layout of the underlying physical infrastructure supporting these virtualized services. Customers have no way to guarantee high bandwidth between virtual machines, proximity to storage, or availability by spreading VMs across different racks, note the IBM researchers.
Confidence in the cloud will only grow as service providers deliver the security and availability organizations need to run their IT operations and a clear legal framework to backup those services. Many of the IT managers using WAN optimization solutions pay lip service to Service Level Agreement (SLAs) from their network service providers, but most will insist on those SLAs before signing a contract, regardless. It demonstrates a level of confidence in their offering and transparency with their customers. Cloud services should be no different.
This story, "Beyond Dropbox: Security is Only Part of the Cloud's Problem" was originally published by Network World.