Technology

The Cloud Can Rain on Your Parade

Cloud computing holds great promise and potential, but it’s not without risk.

September 23, 2013
/ PRINT / ShareShare / Text Size +

Recently, a salesperson for a core processor gave us an interesting proposal for dumping our hardware and moving to “the cloud.” The offer, illustrated with dozens of colorful PowerPoint slides, was full of quirky graphs and small print. Basically, however, it was summed up by this exchange:

Sales rep: “It will save you money.”

Me: “How about the security?”

Sales rep: “LOTS OF MONEY.”

Me: “But reliability? Speed?”

Sales rep: (Using $20 bills to wipe up some spilled Perrier water), “Did I mention money?”

Branching Out - cloud computingOn the cost front, the salesperson is probably right. By having our systems in-house, we’re constantly moving and adding servers, storage, and other expensive equipment only to discover the devices are often underutilized.

And all that fancy hardware takes expensive professionals to keep it running. Some days I wonder if exchanging our server room for a stable of thoroughbreds might be cheaper.

Indeed, cloud computing allows for data and services to be shared. But don’t expect to know for what, or how.

The entire process is baffling even to experienced personnel, not unlike your last safety and soundness exam.

Grappling with complicated IT issues is like interacting with your car mechanic, who hands you a tangled mess of metal and wires and tells you “this needs to be replaced.”

Confused and depressed, you hand it back and take out yet another mortgage on the house so your eight-year-old car can chug along until something else breaks.

But I digress. Back to the cloud.

In July 2012, the Federal Financial Institutions Examination Council (affectionately known as “that other regulator”) issued a statement that viewed cloud computing to be as risky as any other vendor relationship—perhaps only the 17,457th dumbest thing said by a regulatory agency that year.

Cloud computing shifts tremendous work and responsibility to others. It also means that you need to ask specific questions to those selling such systems, including:

“Where’s my data?” As with all mythical lands like Hogwarts and Congress, the cloud is not an actual place. Is it in Kansas? Florida? Or—gasp—North Dakota?

Not all localities have laws that protect your data. And many third parties outsource this, so even they might not know where your data resides.

“Who can see my data?” The typical salesperson answer here is that your data is held in a dark, secret lair only to be seen by your staff and approximately 11,000 NSA contract employees. In reality, however, it might be visible to the vendor’s entire staff, their subcontactors, and their sponsored World of Warcraft team.

“Where is your disaster recovery site?” Again, due to the mythical properties of the cloud, the salesperson might say the question is irrelevant, preposterous, or even stupid. If the salesperson says “You don’t understand the cloud,” your response should be juvenile and humorous.

“Can you guarantee a certain speed?” Your salesperson probably will claim that only Al Gore can guarantee the Internet. But if your spouse is like mine and watches endless hours of “Downton Abbey” online, you’ll understand how the phrase “happy wife, happy life” goes up in smoke when the word “buffering” appears.

“How easy is it to move from your cloud-based system to another?” Having options is supposed to be one of the primary advantages of cloud computing. But they aren’t selling options; they’re selling a cloud. In fact, many cloud systems are proprietary, just like your in-house system.

Some will say that cloud computing is the newest name for smoke and mirrors. For someone who regularly uses Google mail and other cloud apps, I would disagree. It’s powerful, amazingly inexpensive, and flexible.

But there’s one thing it is not: without risk.

JAMES COLLINS is president/CEO at O Bee CU, Tumwater, Wash., and Credit Union Magazine's humor columnist.

Cloud vendor - what risk?

Brian Fischer
September 23, 2013 10:52 am
My comment title echos a bit of sarcasm. Cloud vendors do promote speed, flexibility and low cost. All are true. But what are these vendors doing to ensure the security of your member data? Equally as important, what is the individual credit union doing to endure information security? Regulatory agencies place the responsibility for this squarely on the shoulders of the credit union. How do you work towards reducing this risk? Continue a multi-layered approach to information security including complete information security assessments and an in-depth due-diligence review of all vendors handling critical data including those in the cloud.


Flag Comment as Offensive

Post a comment to this story

Credit Union Magazine

Credit Union Magazine

October 2014

What's Popular

Popular Stories

Recent Discussion

Your Say: Have You Ever Suffered a Denial of Service Attack?

View Results Poll Archive