Nov 172011
 

I have an Android phone that automatically uploads photos to Google; you have an iPhone that automatically uploads photos to Apple’s iCloud service. We both want to send photos to a Facebook gallery for some friends.

To solve this problem, we either have to copy photos manually from Google to Facebook, or make use of some special application to do the work for us. But isn’t this the wrong solution to the problem ?

If the different propriety clouds used an open standard for uploading photos, it would be possible to automatically upload to Google from an iPhone, upload to Apple’s iCloud from an Android phone, or … to some new competitor. Or even for those of us who prefer to do our own thing, to our own servers.

As someone who mixes and matches things, I have “islands of data” in different clouds – some photos are uploaded to Facebook (when I can be bothered), some are in Googleland, and some (the ones I regard as the better ones) are uploaded to my own server. And that is just photos; there are also contacts, notes, documents, drawings, etc. None of this can be easily moved from one island to another – sure I could move it manually, but why would I want to do that ? Computers after all are supposed to be good at automation.

This is all down to the convenience of the cloud providers of course – Google makes it easy to use their services and hard to use others because it’s in their interests to do so, Apple is similarly inclined to keep your imprisoned in their “perfumed prison”. And so on.

But it’s all our data and they should make it easy to move our data around. This not only would be useful for us, but less obviously would actually benefit the cloud providers. After all if I find it tricky moving from one online photo gallery “cloud” to another, I’m less inclined to do so.

Making it easier to move cloud data from one provider to another not only means it is easier for a customer to “escape” one proprietary cloud, but it is also easier for a customer of another cloud to move in. And it would not necessarily be that difficult to do – just produce a standardised API that works across multiple different cloud providers, and let the application developers loose.

To a certain extent this is possible right now – for example, Facebook has an API and Twitter has an API and it is possible to produce code to send status updates to both places. But the equivalent to update a Google Plus status does not seem to be available, and combining status updates in one tool just isn’t there as yet – I have a simple script which sits on top of two other tools (and very nicely pops up a window, a text input box, or takes the status on the command line). But with a standardised API, the code would be much easier to write.

 

Apr 152011
 

I recently read some of the papers linked to from Andrew Cormack’s blog entry on the legal dangers of cloud computing, which made for interesting reading. And caused me to do some thinking. Whilst the legal aspects of cloud computing are complex and need to be examined (it would make things a great deal easier if there was an “Internet Nation” with it’s own laws), one of the dangers most obvious to me is an old danger to corporate computing with a cloud computing twist.

The old danger itself is what happens when non-IT specialists setup their own servers. Such servers are rarely physically secured properly (allowing data to be stolen), are often poorly backed up, and are sometimes even setup with old retired desktop machines. The dangers are obvious, although those who set them up are rarely aware that installing a server is only a tiny part of the work involved in maintaining a service.

Cloud computing offers similar dangers. An organisation that signs up to a cloud-based service is almost certainly going to get a suitable contract that covers many possible concerns, but an individual within that organisation may sign up to a cloud service with the defaults terms of service aimed at the consumer. Some of the dangers are :-

  1. If that individual makes use of their cloud service in a way that is important to the organisation, how do those responsible for IT services assess the risk of it when they are not aware that it is being used ?
  2. Does that cloud service offer a service level agreement sufficient to protect the organisation? Most consumer grade cloud services can withdraw that service or change the terms of that service without notice at any time. They also rarely commit to protect any data held on the cloud, or offer any guarantees of availability. Or confidentiality.
  3. A consumer using a cloud service is protected to some extent by consumer law. An individual within an organisation using a cloud service for their work, may well not be protected at all. Organisations are usually protected by contract law – when a contract exists!