Never Go Into A Place Without Knowing How To Get Out
Sam, Robert DeNiro’s mercenary character in the movie Ronin, prowled around behind a cafe and hid a pistol behind a crate of bottles before entering the cafe’s front door for a meeting. He explained this by saying “I never walk into a place I don’t know how to walk out of.”
That’s good advice for the cloud.
In Learning Tree’s Cloud Security Essentials course we talk about how availability is a crucial aspect of information assurance, but it is often overlooked because everyone is focused on confidentiality. Major cloud providers come out with new services all the time. But they also retire them, frequently with little warning and little to no transition path for existing customers. I just encountered a stark example of this in a cloud service marketed to individual consumers.
I have T-Mobile phone service, and I just received a message about the sudden and complete end to their MobileLife Album service. Today they told me that this cloud storage service ends in 26 days, just under four weeks. They say, “But don’t worry—it’s easy to download all your photos and videos so you don’t lose them.” They explain that they have a partnership with Google, and you can first download all your MobileLife Album pictures and videos and then upload them into Google Drive cloud storage.
Note first that, of course, you must do the downloading and uploading (and you bear all responsibility for any files misplaced along the way). Second, the first 5 GB of Google Drive storage is free. But how many high-resolution photos and, worse yet, high-definition videos is that going to hold?
Their announcement goes on to urge you to do this downloading and uploading work quickly, as all content stored online becomes unavailable in twenty-six days.
I can easily imagine that they will have a sizeable number of customers who don’t check their e-mail more frequently than once a week or so, and who happen to be off on vacation for a couple of weeks now (taking more of those photos and videos they really want to keep). So, they will have a difficult time and possibly fail to get their data transferred out on time.
Yes, that’s a problem for individuals, but corporations and government agencies don’t go off on vacation and neglect to check their messages daily. So, a 26-day notice would certainly deliver the message before the deadline. But with corporate-scale or agency-scale data sets, enormously larger and more complex than individual photo collections, how much more time is it going to take to transfer data out of a suddenly ending cloud storage solution? Large organizations are trying to run continuing operations day to day, and what resources will be free to take on this unannounced project?
Sam the mercenary was right. Always know how to get out.