A Case Against The Cloud: Local Servers and Security

Posted on

When Amazon's cloud network went down, there was a panic on the Internet.  Several well known and professional services were down for hours, if not days, and we were reminded once again just how fragile the Internet can be.  With all the push for "cloud" computing, this seemed to be a huge argument against it.  Couple it with the recent hacking of the Playstation Network and Android's revelation of authenticating users in clear text internally, and I began to think again about security on the Internet.  Sure, it's convenient to pay someone else to host your services, email, etc, so that you can access that data on the go anywhere, but what control do you have over that data?  In a private world, it's not that big of a deal, but in the professional world privacy and security are crucial to business operations.  Providing security for the data is a top priority, and if you can't rely on your hosting service, on whom can you rely?The obvious answer is to host the services yourself, in your own server farm.  But this can be expensive when you consider the costs of data connections, bandwidth, power requirements, and air-conditioning to keep the server room comfortable with all that heat pumping out from the computers.  And then you need to monitor the servers' performance, keep them up to date, patch them with security patches when necessary, reboot them if needed, etc.  All the expense that caused businesses to farm out their services to dedicated service hosts in the first place.  So what is the answer?  I'm not sure there is one, to be frank.  Bandwidth is becoming less of an issue, as more municipalities add fiber optic connections (e.g. UTOPIA), and less power consumption has become a priority with chip makers like Intel, making the power bill for servers less of a headache.  That also means less power being converted into heat, so air conditioning needs are dramatically reduced.  But there is still the cost of the administration team to keep and manage the servers. But what is the alternative?  I doubt something this big will happen to Amazon again, and even smaller service sites will be better served by the failure on April 21st as they make sure they don't have the same problem.  But what control do you have over your services?  Let's take a simple thing like email as an example.  If you use Google Gmail, then your emails are stored on their servers. But what if they are hacked, and your email is then taken?  It's remote, but it could happen (as it has in the past).  If you keep your email internal, or even have two email services, one for internal mail and one for a public communication service, you then control your internal mail content.  Perhaps I'm just being paranoid, or over cautious, but it's something to think about.  There are huge benefits to the cloud and being able to access your desktop/service/files anywhere you need them.  But there are potential costs as people with nefarious intent/nothing better to do will try to attack and glean anything they can from big service providers.  It's a dilemma I'm working on for my own potential startup, and one that I think should be taken seriously before I put my infrastructure in place. So what do you think?  Am I just being paranoid?  What would you do, if you were starting a business and security was something very important to that business?