Discussions

Cloud Computing Office Suite

+
0 Votes
Locked

Cloud Computing Office Suite

Jaqui
It's been said that such a service is both good and bad in several discussions.

So, what are the reasons for and against it?

Here are the starting off points:

Drawbacks / Concerns:
Loss of control of business logic
Possible [ probable? ( Google Docs ) ] exposure online of confidential data.
Loss of control over accessibility, you can do nothing if the service goes down.

more?

Benefits:
Disaster recovery, you have off site storage of critical data with real time backup, so a disaster striking the office doesn't cost you any data loss.
Accessibility, everyone in the office has full access to their work tools, anywhere.

more?

What would such a service have to have to make it a viable option?
  • +
    0 Votes
    Tony Hopkinson

    Those concerns need addressing, 'even' if it's just the legislative demands.

    DR is an assumption as well, did you see this one.
    http://techrepublic.com.com/5208-6230-0.html?forumID=102&threadID=311895&messageID=3101744

    Not a mistake I think you'd make, but some way of proving the Quality would go a long way.

    The technical issues can be addressed or at least aemliorated, my problem with it, is the logical endpoint of the concept. The one where I can have the service Jacqui provides at the prices Jacqui sells it because all the alternatives are now gone....

    A key point is what you are offering, the application, document store, or both and what market you are going to target. If it's me at home wanting to do a nice letter, or me at work wanting to do one.

    +
    0 Votes
    Jaqui

    that's one of the reasons I figured a specific discussion would be a good thing, to get it clearly stated exactly where the cons are, and what would need to be done to address them.

    +
    0 Votes
    Tony Hopkinson

    compared to the "Buy into this crap so I can make some money" manouever we keep getting.

    For personal use, would I like things to be able to access this sort of functionality and my data without have to install and carry it about, **** yes.

    Are there times when I need to be able to work while disconnected, yes.

    I don't see how you put both those requirements together and end up with a viable proposition.

    Throw in data mining versus secure data, proprietry formats versus open, backup and recovery being personally applicable versus trusting some third party to do it. Legistalive obligations, particularly national and international ones.
    I mean if you went bust how would I get my stuff back, when I did can I access it, how do I prove that I'm covered to an audit. Offloading a risk does't address it, it simply shifts it.

    This model requires a huge amount of trust, and the more critical the function the less I should trust.

    So my question to all cloud proponents is what makes you as trustworthy as me. Their response is , you don't need to worry about that. At which point I decide that they are not, and act accordingly.

    +
    0 Votes
    NotSoChiGuy

    1). Addressing the concerns of data privacy. If there was a way to make it so that only the client could access any of the files in the cloud, that would go far. (this is speaking more to sys admins snooping files and/or restoring backups to a thumb drive for resale later on than full on crack attempts)

    2). Ensuring that there is failover/redundancy of some sort. Put another way, it should be demonstrable to a client that there is no single point of failure from a hardware or connectivity perspective.

    3). Demonstrating that all reasonable security measures have been taken to prevent cracking of the system and/or file, and what measures are in place should an intrusion occur.

    4). Addressing who owns the data once the service is terminated is another big one. It should be pretty clear what happens to the data if the client should choose to terminate services.

    Those are the big four that jump out at me right off the bat. In a enterprise security class I just completed, we spent a couple of weeks discussing this topic, and these were generally the 4 main points all the students agreed upon, for whatever that may be worth.

    Hope this helps!

    +
    0 Votes
    Tony Hopkinson

    The fact that it's even an issue shouts very loudly why the entire concept should be in the bin from day one.

    +
    0 Votes
    NotSoChiGuy

    ...at a former employer. It wasn't for an office suite, though, it was for applicant tracking (resume storage db).

    When we finally got a 'copy' of the applicant information, it was totally unusable. The former service provider was happy to provide 'consultative services' to convert the db; at a price that outstripped what we would have paid for 6 months of service.

    All I can say I had no vote in deciding to use them in the first place, and I didn't make the call on what to do with the data.

    Sometimes, no responsibility is the best level of responsibility!! :)

    +
    0 Votes
    Jaqui

    The problem with #1, could only be addressed by an NDA, and that is only as strong as the ethics of the system admins with access to the server(s).

    #2, that, to me, is an "of course" item.

    #3 the question is then: How do you demonstrate that?

    #4, naturally, a service contract would have to specify it, and I can't see ANY company being stupid enough to use a service that didn't state the CLIENT owns the data that the client puts into the system.

  • +
    0 Votes
    Tony Hopkinson

    Those concerns need addressing, 'even' if it's just the legislative demands.

    DR is an assumption as well, did you see this one.
    http://techrepublic.com.com/5208-6230-0.html?forumID=102&threadID=311895&messageID=3101744

    Not a mistake I think you'd make, but some way of proving the Quality would go a long way.

    The technical issues can be addressed or at least aemliorated, my problem with it, is the logical endpoint of the concept. The one where I can have the service Jacqui provides at the prices Jacqui sells it because all the alternatives are now gone....

    A key point is what you are offering, the application, document store, or both and what market you are going to target. If it's me at home wanting to do a nice letter, or me at work wanting to do one.

    +
    0 Votes
    Jaqui

    that's one of the reasons I figured a specific discussion would be a good thing, to get it clearly stated exactly where the cons are, and what would need to be done to address them.

    +
    0 Votes
    Tony Hopkinson

    compared to the "Buy into this crap so I can make some money" manouever we keep getting.

    For personal use, would I like things to be able to access this sort of functionality and my data without have to install and carry it about, **** yes.

    Are there times when I need to be able to work while disconnected, yes.

    I don't see how you put both those requirements together and end up with a viable proposition.

    Throw in data mining versus secure data, proprietry formats versus open, backup and recovery being personally applicable versus trusting some third party to do it. Legistalive obligations, particularly national and international ones.
    I mean if you went bust how would I get my stuff back, when I did can I access it, how do I prove that I'm covered to an audit. Offloading a risk does't address it, it simply shifts it.

    This model requires a huge amount of trust, and the more critical the function the less I should trust.

    So my question to all cloud proponents is what makes you as trustworthy as me. Their response is , you don't need to worry about that. At which point I decide that they are not, and act accordingly.

    +
    0 Votes
    NotSoChiGuy

    1). Addressing the concerns of data privacy. If there was a way to make it so that only the client could access any of the files in the cloud, that would go far. (this is speaking more to sys admins snooping files and/or restoring backups to a thumb drive for resale later on than full on crack attempts)

    2). Ensuring that there is failover/redundancy of some sort. Put another way, it should be demonstrable to a client that there is no single point of failure from a hardware or connectivity perspective.

    3). Demonstrating that all reasonable security measures have been taken to prevent cracking of the system and/or file, and what measures are in place should an intrusion occur.

    4). Addressing who owns the data once the service is terminated is another big one. It should be pretty clear what happens to the data if the client should choose to terminate services.

    Those are the big four that jump out at me right off the bat. In a enterprise security class I just completed, we spent a couple of weeks discussing this topic, and these were generally the 4 main points all the students agreed upon, for whatever that may be worth.

    Hope this helps!

    +
    0 Votes
    Tony Hopkinson

    The fact that it's even an issue shouts very loudly why the entire concept should be in the bin from day one.

    +
    0 Votes
    NotSoChiGuy

    ...at a former employer. It wasn't for an office suite, though, it was for applicant tracking (resume storage db).

    When we finally got a 'copy' of the applicant information, it was totally unusable. The former service provider was happy to provide 'consultative services' to convert the db; at a price that outstripped what we would have paid for 6 months of service.

    All I can say I had no vote in deciding to use them in the first place, and I didn't make the call on what to do with the data.

    Sometimes, no responsibility is the best level of responsibility!! :)

    +
    0 Votes
    Jaqui

    The problem with #1, could only be addressed by an NDA, and that is only as strong as the ethics of the system admins with access to the server(s).

    #2, that, to me, is an "of course" item.

    #3 the question is then: How do you demonstrate that?

    #4, naturally, a service contract would have to specify it, and I can't see ANY company being stupid enough to use a service that didn't state the CLIENT owns the data that the client puts into the system.