Why a 'protective' techie just can't trust the cloud

Paranoia or security-conscious? You decide which term describes our blogger's fears over cloud computing

OK, so maybe I am a little protective of my data. I do not use any external e-mail systems for anything important. I do not use any Internet storage products or even Apple's MobileMe service. I run all my own e-mail servers, Web servers, file servers, and content collection mechanisms. This is somewhat for convenience, but mainly because I simply can't bring myself to trust a faceless company with any sensitive information. I've been there, I've built similar infrastructures, I've seen how the sausage is made. I would rather handle it all myself, thank you.

And to me, this is the biggest problem with the cloud.

I know that cloud computing is the future, that data storage needs and availability are best served through a large-scale delivery mechanism that isn't achievable for any but the largest companies. I know that at some point in the future the cloud will be a foregone conclusion, as much a part of modern life as cell phones, laptops, and Twitter. I see the advantages, I see the cost savings. I see the benefits. But for the moment, they simply don't outweigh the detriments.

It's not so much that I worry about data loss -- though that is a concern. It's more about who has access to my information. Who can read my e-mail, who can peruse my files, who can learn enough about me to commit fraud? It could be a garrulous sysadmin, it could be the government, it could be a hacker. I'd never know until it was too late. By keeping all of my information, data, files, and e-mail close to the vest and in an unknown location, I provide myself that protection. Yes, I could get hacked, possibly, but I'm certainly not a public target, like every company pushing cloud computing is. Besides, if I did get hacked, I'd be the only one to blame. And this is only for my personal data, not for a corporation.

It's also not lost on me that the most skilled and trusted engineers are also the most expensive. When the market turns sour or cuts need to be made, quite often those are the people that are viewed by management as replaceable by less skilled, less trusted people. Those that build the temple rarely stick around to maintain it. So even if you have the crème de la crème of technologists running your cloud operation, what guarantees do I have that they will stay? How do I know that they won't be replaced by the poseur that I just got rid of, who has a bone to pick and can now read all my e-mail, download my files, or destroy my corporate presence?

To me, these are serious problems that cloud computing advocates need to overcome. However, that may not be possible without a completely ubiquitous cloud presence. If everybody's doing it, joining the party gets easier, much like my years-long shunning of Facebook that recently reached the tipping point. (I'm still not sure I should have created that profile.)

So I've been racking my brains to figure out how to make cloud computing viable with this mind-set. Encryption? Well, who has the keys? Who wrote the code? Are there backdoors? Can I see it? You can tell me all day long how safe and secure a cloud infrastructure is, but unless and until I can see it with my own eyes and monitor it like I can monitor my own servers, I ain't buying.

Then there's the issue of a cloud company pulling a disappearing act. Wal-Mart is finally pulling the plug on its DRM servers that let its customers access their music purchases -- what if your cloud company decides to do the same thing or is forced into it by reasons financial or subversive? What happens then? If it were my personal data, I'd never sleep well again. If it were my corporate data, it would be worse.

And there's also the potential for sheer ignorance causing a disaster. Go ahead, click that link, read it, and come back. I'll wait.

Yes, you read that right. The FBI raided a datacenter and physically removed dozens of servers that weren't even related to the case they were investigating. It would seem that they just showed up and took everything in sight. Good luck getting that data back. If your whole corporate presence and product happened to be in an adjacent rack, too bad. You're all done. Here's a quarter, call someone who cares.

So convince me. Satisfy me that if I trust you with my data, it will not wind up where I don't want it. Convince me that it's safe. That this will never happen. I'm all ears.

Until then, I'll be handling all of that myself, thanks.