Cloud Data Ownership: 'Onus Is On Cloud Providers'
Data ownership concerns clouded the initial move to the cloud, with questions swirling over what happens to data when it's moved to the cloud; what happens if a cloud provider goes out of business; and what happens if cloud customers fails to pay their bills.
And as more cloud providers spring up and more workloads and data are moved into the cloud, those questions become more pressing.
The issue came to a head earlier this year when cloud storage provider Dropbox tweaked its terms of service to include language that led customers to believe that Dropbox could use their files, documents and other data as it saw fit.
When Dropbox revised its Terms of Service in July, it wrote: "By submitting your stuff to the Services, you grant us (and those we work with to provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent reasonably necessary for the Service."
The wording sent Dropbox customers into a frenzy, worrying how Dropbox may "prepare derivative works" or sublicense their data. Dropbox quickly did an about-face and changed its tune, apologizing for the gaffe and told customers that customers own their data and Dropbox will not use it.
"We want to be 100 percent clear that you own what you put in your Dropbox. We don't own your stuff. And the license you give us is really limited. It only allows us to provide the service to you. Nothing else," the company wrote.
The UK's National Computing Centre also recently found that IT decision-makers from private and public sector organizations rank their largest concern when it comes to cloud security as "loss off control of data and loss of control over where data is held." And in the U.S., cloud users share similar fears.
And in the U.S., Gartner last year crafted a cloud computing bill of rights, where data ownership was the first and most important right afforded cloud users. Gartner said cloud users were entitled to "the right to retain ownership, use and control of one's own data" and that cloud providers must specify what they can do with customer data.
The rise of social networks has also called into question data ownership, when networks like Facebook were rumored to be leveraging user photos for advertising and other content without consent. In reality, Facebook's social ads require users and their friends to take "express action" to share information.
The thorny issue of data ownership has caused businesses to wonder if it's safe to turn their data over to cloud providers and trust it off-site on someone else's servers.
But for cloud providers and cloud VARs, data ownership isn't even a question. The customer owns it. No ifs, ands or buts. But it is up to the vendor and cloud provider to spell out exactly what it has access to and what happens in the event that data is unavailable or inaccessible.
"Data that is uploaded to the cloud belongs to the individual supplying the information. The normal ownership rules of proprietary data still apply," said Brian Fino, managing director of Fino Consulting.
NEXT: The Cloud Customer Owns The Data -- Period
"There has never, ever been an issue of who owns that data. The customer owns that data," added Mike Eaton, CEO of CloudWorks, a Thousand Oaks, Calif.-based cloud solution provider.
For cloud providers, making it clear where the data ownership coin falls is a key differentiator, Eaton said. And it is important to tell clients that data is private.
But Eaton said some customers are standoffish because of experience with other cloud providers and Web services makers. For example, users know Google won't share user data, but Google mines data for patterns and behaviors to rev its advertising engines and target content. Solution providers like CloudWorks have a different business model.
"You have to understand how service provider works," he said. "We make a living serving our customers. If you're getting a free e-mail account, you have to wonder what's in it for the provider."
Eaton said customers frequently ask how data is secured, how it's backed up and how it's stored, along with what CloudWorks can do with that data. There are cloud security certifications and safeguards in place to document how data is handled in the cloud and what a cloud provider's and cloud customer's right are.
Backupify, a cloud backup player that integrates with Google apps, said providers will have to better answer data ownership questions as the market continues to evolve.
"As the market continues to develop and customers get more sophisticated, they're going to hold vendors that much more accountable," said Daniel Stevenson, who recently joined Backupify vice president of partnerships and alliances. "The onus is on the providers to improve how they communicate."
But recently, the market has shifted and customers are now less concerned about how a provider his handling their data, and has become more concerned in the one in a million chance when data is not available or data can't be accessed.
Stevenson said data has to be stored in more than one place in the event that a cloud provider goes out of business or an outage occurs or any other number of issues arises that makes data inaccessible.
"This is a blind spot or white space that needs to be filled," he said.
The issue of redundancy bubbled to the surface in a recent spate of cloud outages, where users with data stored in one cloud provider's data center couldn't easily access or lost data due to downtime. Major cloud offerings like Amazon Web Services and Microsoft Business Productivity Suite (BPOS) have been knocked out of commission by cloud outages.
But regardless the reason, CloudWorks' Eaton went back to the firm stance that while cloud providers should tell customers how their data will be treated, the integrity and ownership of that data should never be called into question. It's the customer's. Plain and simple.
"Data ownership has never been a grey area," Eaton said. "It's black and white."