Every day more users move their computing lives from the desktop to the cloud and rely on hosted web applications to store and access email, photos, and documents. But this new frontier involves serious risks that aren't obvious to most.
Photo by Dyanna.
In an era of ubiquitous broadband, smartphones, and users who manage multiple computers and devices, it just makes sense to move your email, photos, documents, calendar, notes, finances, and contacts to awesome web applications like Gmail, Evernote, Flickr, Google Docs, Mint, etc. But transferring your personal data to hosted web applications has its potential pitfalls, risks that get lost in all the hype around cloud-centric new products like Google's new Chrome OS or the iPhone.
When you decide to move your data into the cloud, there are a few gotchas you should know about.
Lesser Privacy Protection Under the Law
To search your house or office (including documents stored on your computer's hard drive), cops need to obtain a search warrant. To get to the information you've stored on a third-party's web servers, they only need a subpoena, which is easier to obtain. This kind of search can also happen without your knowledge. The NY Times reports:
Thanks in part to the Patriot Act, the federal government has been able to demand some details of your online activities from service providers - and not to tell you about it. There have been thousands of such requests lodged since the law was passed, and the F.B.I.'s own audits have shown that there can be plenty of overreach - perhaps wholly inadvertent - in requests like these.
Some think that privacy advocates are actually conspiracy theorists and that in reality, no one in the government is reading your email. That may be true. Still, you should know that the legal process for a third party to access your data in the cloud is different than if it's on your own computer. Photo by mujitra (Â´･ω･).
Security Systems That Are Too Easy to Break Into
The government getting access to your data stored in the cloud is probably much less of a concern than someone illegally getting to it. Crappy web-based security systemsâ€"like weak password recovery workflows, phishing attacks, and keyloggersâ€"present bigger security risks.
Just last week hundreds of embarrassing and revealing internal company documents from Twitter were published online, obtained by a hacker who used Gmail's password recovery mechanism to break into an employee's personal Gmail account. This could have happened to anyone. (Two lessons to be learned from this particular intrusion: use strong and different passwords for every cloud app you log into, and make sure your alternate email account is NOT Hotmail.)
In collaborative web applications that are built for groupsâ€"like Google Apps or any web-based project management softwareâ€"the security concerns spread across everyone involved. The security of the entire system is only as strong as the weakest user's setup. Once one person's weak password is brute-forced or guessed, everyone's documents and information are at risk.
Data Lock-in and Third-party Control
Amazon reaches into customers' Kindles and remotely deletes already-purchased books. Facebook launches Beacon, an advertising mechanism that collects and publishes information about what you do on external web sites on your Facebook profile (only to apologize and offer opt-out later). Apple denies approval for the Google Voice application in the App Store. Twitter doesn't offer the ability to export more than 3,200 status updates. Flickr only lets you see the last 200 photos you uploaded if you don't have a paid Pro account. MySpace and Facebook don't immediately remove photos from their servers when you delete them. When you're living in the cloud, you're beholden to a third party who can make decisions about your data and platform in ways never seen before in computing.
Server Unavailability and Account Lockout
One of the biggest benefits of storing your data in the cloud is that you don't have to worry about backing it up anymore. Big companies with hundreds of servers are more reliable than your little external hard drive, right? Yes. But servers do go down, and when you're dependent on a web application to get your email or access that PowerPoint slideshow for the big presentation, there's always the risk that your internet connection will go down, or that the webapp's servers will. Offline technologies like Google Gears, decent export functionality, and a good backup system can ameliorate this particular concern, but not all systems offer those things.
Getting locked out of your webapp account is another possible pitfall. The
NY Times reports:
Discussion forums abound with tales of woe from Gmail customers who have found themselves locked out of their account for days or even weeks. They were innocent victims of security measures, which automatically suspend access if someone tries unsuccessfully to log on repeatedly to an account. The customers express frustration that they can't speak with anyone at Google after filling out the company's online forms and waiting in vain for Google to restore access to their accounts.
(If you're worried about getting locked out of your Gmail account in particular, here's one way to automatically back up your mail to your computer.)
Don't get me wrong: I personally am right on the cloud bandwagon with all of you. My web browser is the one app I run on my desktop at all times; I've entrusted the likes of Google, Apple, Amazon, and Yahoo with my data just like you have. The key is to know what you're getting into when you make that choice, to ratchet up your personal security mechanisms (like alternate email addresses and password choices) and to lobby for better user protection by hosting providers in the cloud.