Security/identity · 2009-01-26

Blowing raspberries at the cloud

Is it time to start the big cloud freak-out?

My friend Rita Ashley, proprietress of Job Search Debugged, pointed me to a new service that’s about to launch called Its idea is to help you back up your data living in services like Flickr, through the use of Amazon S3. Rita was wondering if identity professionals would look askance at this approach, where your personal stuff gets saved and propagated…elsewhere. And now the Google GDrive rumors are heating up again, which raises similar issues.

(As of a few days ago, the LifeStreamBackup offering seemed to require you to give it all your passwords to those other services it’s backing up — that’s another eek right there, though I don’t mean to pick on them exclusively. That mention has disappeared; maybe they’re feverishly working on OAuth support?)

Jason Scott thinks it’s nuts to count on others to store anything you really care about, and says so in his delicate and nuanced way in a post called F*** the Cloud. He’s a digital historian, has saved lots and lots of data from extinction (he’s got a great new effort for doing more of that), and knows whereof he speaks.

On the other hand, as Jason points out, outsourcing data storage predates the Big Cloud Concept, and I don’t think we’re going to go in the direction of hoarding more data under our figurative mattresses rather than less. What assurances can we build in to ensure safe storage and protected sharing of hosted data? Jim Kobielus has a long and thoughtful post saying federation and federated identity need to permeate cloud architectures to solve this properly. I think he’s right.

Since this post has turned into something of a link roundup, I’d be remiss if I didn’t point to Hubert Le Van Gong’s note about the paper he, Susan Landau, and Robin Wilton authored on the subject of achieving privacy in an environment where identity data is being flung around with great force.

Federating, distributing, coupling systems loosely…the basic concepts aren’t new, just the degree of sophistication we’re finally achieving — and maybe the degree of risk.