Thursday, 17 November 2011

Cloud Computing: reviewing the risks

I’ve just attended an excellent private discussion forum on cloud computing and consumerisation. Attendees considered the benefits, as well as the possible pitfalls, of this emerging technology, as it might be used by public authorities, private companies, and individual consumers. No, I won’t be reporting in detail on what was discussed under the Chatham House rules. All I’ll say is that the event was held by the Information Assurance Advisory Council and that it took place at the offices of the British Computer Society in Covent Garden. Now then, those who read this blog and who know about the IAAC will be able to appreciate who might have attended.

What I will say, however, is that some of the discussions might have been oddly familiar to those who can access the minutes of the meetings of the Royal Society in the Victorian era. During the early part of that era, Michael Faraday read before the Royal Society a series of 30 papers about his experimental researches in electricity. Gradually, private companies created their own Directors of Electricity, as each company generated its own power. It was only at the very end of the Victorian era that the concept of a high voltage integrated electrical power distribution system was created in the UK, and private companies made their Directors of Electricity redundant as they joined what was to become the National Grid.

It occurred to me on the tube home that many of the issues that needed to be considered as companies were faced with the choice of continuing with their own power generation capabilities, or moving towards a shared power service were oddly familiar with those of us who are thinking deeply about the cloud computing conundrum. What is also oddly familiar is the venue for some of the dinners held by the IAAC – after all, Simpson’s in the Strand rose to prominence in the mid Victorian era, too, and would have been frequented by members of the great and the good and by those who were sufficiently interested in modern matters (such as members of the Royal Society).

One key message emerging from today’s meeting that I am free to share is the need for people to be aware of what the cloud computing risks and rewards actually are. Easy to say, actually very hard in practice to deliver. After all, we all think we know what we are talking about, but is our knowledge level really that deep?

To demonstrate (just to you) how flaky your own knowledge might be, I’ve come across this really handy on-line test which asks a series of questions about what is legal, and what is not legal, when you use Twitter, Facebook, upload material, blog, get involved in on-line discussions or sell anything on the internet. You may think you know the law – but is that really the case?

Feel free to take this on-line test, at hosted by Nominet (so it is a credible website), and marvel at your own results. It will only take a few minutes to complete, and no-one else ought to be able to know how knowledgeable you really are.

And it makes you wonder that if normal people are as ignorant about the basic elements of the current law as those of us who take this straightforward test, then what hope is there of getting them to appreciate the possible consequences of allowing their own material to be stored or processed in a cloud environment?