Are MSPs asking wrong questions about the online storage systems?
Google announced Google Drive this week. It is a revolutionary new service that gives you 5GB of free storage in the cloud for your Google documents or any files you wish to upload. We say revolutionary with a hefty bit of sarcasm – the same service is available from tons of vendors both commercial, social and mobile. Yet the MSPs seem a little concerned about the prospect of data ownership:
Your Content in our Services: When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide licence to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes that we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content.
Sounds bad, right? Yet every other service out there from Box.net to DropBox to SkyDrive to iCloud contains the exact same provision and all it means is that the data will be moved around and reformatted in order to present it to you on your PC, iPad, Android phone and so on and so forth. Read the clarification here in detail.
To the many MSPs I follow on Facebook and Twitter that were outraged over this, respectfully.. you’re asking wrong questions.
First and probably only important point here is that you really need to understand that these solutions are meant for consumers and individuals, not for businesses. That ought to have stopped anyone from even questioning the privacy restrictions of these solutions.
Second, what kind of questions should have been asked?
1. How is the data encrypted and who manages it?
2. Where is the data stored, on which servers, in which data center and physical location?
3. What is the data backup and retention policy?
4. Where can I obtain audit reports or run my own reports on the data integrity, access and possible leakage?
5. What level of access control is granted to us (service provider) or client (end user) or is it one account for everyone?
What service providers often tend to overlook is that many industries have tons of data storage and retention regulations when it comes to losing data. These are never considered while thinking about storing data or backing it up to a third party, but they are always considered when the said data is lost and the question of liability comes up – Was the solution we selected appropriate for what we needed? Did we control access and authorization or run audit reports to see who had access to the data? Was the data allowed to be stored and moved off site in the first place? What about government regulations that we have violated that we may now get sued and punished for.
Managed service providers that embrace the cloud need to be vary of their tendency to want to retain control of the client because that control tends to assume the liability for when issues go wrong with the third party. Advising clients and implementing technologies is as much an act of finding the right vendor business partner (or technology) as it is the search for the levels of liability that allow you to run a profitable business model without risking 100% of it on the wrong choice.