Protecting Your Data and Contacts

Posted by: J. Alex Dalessio  
         
With the cacophony of news pouring out of every outlet these days - from the Olympics, Nobel Prizes, troop escalations in Afghanistan, to the earnings reports of the big banks - you might have missed a medium-sized story about some folks who lost their cell phone data. 
The story goes basically as follows:  T-Mobile Sidekick users were informed over the weekend that if they turned off or depleted the batteries on their devices, they were likely to lose all of the information on the device.  Those who had already done so lost their data.  Once lost, T-Mobile informed its users (in an it's-not-my-fault apology) that chances for recovery of this data - including contacts, photos, calendar events, to-do lists, etc. - were "extremely low" (they have since said some data may be salvageable).  
How did a bunch of individual users simultaneously lose the data on their own phones?  Well, first you have to understand that the Sidekick, unlike most phones, does not store the information locally on the device.  Instead, T-Mobile worked with a partner, the aptly named Danger (a subsidiary of Microsoft), to host and store device data on servers, in a process increasingly referred to as "cloud computing".  
So why is this important?  Well, that depends on how you look at it.  A million people losing contacts is, unless you are one of them, probably not a big deal to you.  However, the real story here is the movement towards the cloud and what that means for the safety and security of our data.  In this case we are not just talking about phone numbers and photographs, but business critical information, documents, entire email accounts and just about anything "e" you can think of. 
A lot of the response to this particular incident was that Danger (and Microsoft) behaved irresponsibly by not having the proper backup.  Across the forums, different people had different philosophies about what went wrong, who was responsible (e.g. those who manage the servers?  Or the servers, made by Hitachi?  Or Microsoft... well because people always like to blame Microsoft?), and why cloud computing is or is not a good idea.  Regardless of who shoulders the responsibility, this example shows the vulnerability of data when not stored locally. 
And what is this vulnerability?  Security?  Sure.  But when you entertain the tech interests as they come knocking, the slick salesperson will undoubtedly allay your fears and tell you all about the triple-redundancy of their back-up storage on different continents.  And he or she will be right - it will be safe then.  The Danger servers relied upon by T-Mobile have been in place for a while now, and they weren't necessarily always vulnerable (or maybe they were, but work with me).  Some say the failure of their systems in this instance was actually part of an upgrade that went wrong.  Basically, you buy a pitch about reliability, but 15 years later, what happens?
Over the past year, I have regularly been in discussions about storage, software hosting, and general business management practices potentially taking place in the cloud.  "It's the future," says everyone who stands to benefit from it.  "It's a terrible idea," say others.  "What is it, anyway, and hasn't it been around for years?" say still others.  But regardless, the tech interests - Microsoft, Amazon, Google et al - are coming to a law firm near you to talk about how they can manage your data, make it easily accessible from anywhere, and do it for a fraction of the cost of hosting it all yourself.  This is all true.  But how do you know your business won't end up like the Sidekick?
The first answer would be: talk to your provider, regularly.   But what if something doesn't sit right?  Can you even move your data in the cloud, e.g. from one cloud to another?  If you start hosting your firm's DMS in the cloud with a particular provider, does that mean you are tethered to that provider for... ever?  If this happens, is your data really yours anymore?  Or by choosing one proprietary method over another, are you essentially trading your data for easy access to the data?   
Data loss has always been a possibility; your storage unit could burn down, your basement could flood.  But if you were unsure about safety - you could always move it, to another storage unit, another basement.  You knew the threats and you knew your options. 
I hear people talk about security in the cloud and I understand, but I feel like what happened with T-Mobile should be easy to avoid.  Certain things should be automatic.  But this will only happen if the consumer demands it. 
Talk to your provider, make sure you have the type of back-up you need.  Ask all the impossible questions about how your data could be hit by asteroids or submerged by the effects of global warming.  Keep in mind this handy list of issues (thank you Andrew Blake):
  • Security: This question comes down to the policies set by the Provider. As a consumer, you’ll need to enquire about their security policies by finding out who has privileged access to your data, and understand why they do.
  • Legality: Make sure that the data and the processing that you are doing will not impede on any local jurisdictions of the area of where the Data Centre resides.
  • Data Encryption: As your data is mixed with other users’, ensure that the encryption methods have been checked and tested thoroughly by experienced specialists
  • Recovery: Ensure you can recover a full copy of your data if something goes down, and how long that will take to implement.
  • Monitoring: Find out if the Cloud Provider supports investigations of any suspicious activity and if they continuously log what is happening in the cloud.
  • Availability: Your Cloud Provider is just another business; try to make sure that they are financially sound and will not go broke or be bought out by another company.
  • Regulatory Compliance: As customers are ultimately responsible for the security of their own data, ensure that regular backups are taken and you check the data for consistency as well as testing security and following best practices.
But the important question, in my mind, is "how easy is it to move if I am not happy with my service?"  As tech interests compete for your business and your dollars, ask them to make it easy to migrate.  This will keep them honest about protecting you, and keep you safe knowing you can take your business elsewhere if you are not comfortable.  If you don't, you can bet the technology will be proprietary, and you may end up under the wrong cloud. 
Be the hero, not the Sidekick.          
 
J. Alex Dalessio is a regular blogger and contributor to the LexisNexis My Ideas community.
   
Editor's note: Microsoft responded to the Sidekick data issue with this post by Roz Ho, VP Premium Mobile Experiences at Microsoft.