Google Asks 'Who Cares Where Your Data Is?' 241
mask.of.sanity writes "The chief security officer for Google Apps, Eran Feigenbaum, said popular concerns over data sovereignty in outsourced environments are unwarranted. He said businesses should worry about security and privacy of data, rather than where it is stored. The comments clash with those made by IT pros including Gartner, who said cloud providers like Google can't be trusted with sensitive data."
Encrypt it then (Score:5, Insightful)
If the data is sensitive, you should be encrypting it anyway before passing it along to a third party thatr has no business looking at it. If the data isn't sensitive enough to encrypt, why do you care where Google keeps it?
Obligatory XKCD (Score:2, Insightful)
http://xkcd.com/908/ [xkcd.com]
Gartner says this? (Score:3, Insightful)
I'm sorry, but on the trust scale, Google, who has yet to lie to me, wins big over Gartner, who lies through their teeth every time they review a product. I still recall Gartner recommending WinME. 'Nuff said there....
Re:Encrypt it then (Score:5, Insightful)
Your post fails to consider the completely reasonable choice of not handing your data off to a third party in the first place. . .
What! (Score:4, Insightful)
Re:Gartner says this? (Score:4, Insightful)
I don't trust Google with my sensitive data because I assume it will be analyzed, packaged, and sold to marketers and advertisers. I have some faith that it is anonymized first, but even still I don't like it and you have to wonder how anonymous the data actually is.
I would rather retain 100% control of access to my data.
Ummm... What? (Score:4, Insightful)
Where data are, in part, determines what laws(and de-facto uses and abuses of power) they are subject to or subject to the protection of. In a number of cases(including the not-exactly-economically-insignificant case of EU businesses working with American cloud entities...) it might even turn out that storing certain sorts of data in some jurisdictions means that a given entity is in violation of data protection laws at home because the data protection laws are insufficiently strong where they are storing data.
Things like whether or not you are getting hacked by lulzsec are, of course, also important; but(until Google transforms itself into a cypherpunk utopia or sprouts a formidable nuclear deterrent), location is right up there with hackers in determining how likely your data are to be absconded with against your wishes. And(unlike hackers) you can't really code your way past the feds...
Re:Encrypt it then (Score:5, Insightful)
But if it's sensitive, it should still be encrypted, even if it's in your datacenter.
Re:Encrypt it then (Score:5, Insightful)
Your post fails to consider the completely reasonable choice of not handing your data off to a third party in the first place. . .
That is not a reasonable choice if you're a manager who's going to get a big bonus for shipping your data off to 'The Cloud' so you can close down your own data center.
Oh Please! (Score:2, Insightful)
I didn't hear anything about Sony having their data outsourced. It didn't seem to do any good to keep sensitive data on their own servers. I think the lesson here is that all data on any networked device is at risk.
Re:Obligatory XKCD (Score:3, Insightful)
Yeah, but this time I think it is relevant.
I very much care if my data is in Hat Guy's living room.
Re:Gartner says this? (Score:5, Insightful)
Different jurisdictions have different laws on the books about what data are considered specially protected, what data are an open book for the local feds, and what data require some sort of judicial approval(and to what degree that approval is a serious consideration or a simple rubber-stamp). Therefore, the jurisdiction in which your data are located(or where your outsourcing partner has offices large enough that the local feds can motivate them to comply) is part of rather than opposed to worrying about the privacy and security of your data.
Google certainly doesn't seem to be the worst when it comes to rolling over and wagging their tail for any jackboots who come calling; but anybody who thinks that they put up extra-legal resistance to any of the major powers in which they operate is, shall we say, under the influence of excessive optimism...
Re:Gartner says this? (Score:5, Insightful)
Um, but Google *is* definitely lying to you. You don't need to compare reputations. What Google is saying is simply, obviously wrong: that you can trust them with read/write access to your data. Sure, if your data is something that would be of minimal value, there's no harm in it leaking. But if your data is sensitive, then unless Google is willing to indemnify you for whatever damages you'll be liable for if the data leaks, you have a fiduciary responsibility not to store your data on a Google server. And as far as I understand it, Google is not willing to indemnify you for that (realistically, how could they?).
So independent of anything Gartner says, what Google is saying is at the very least misleading for the application they are talking about. The sense in which Google is right is that if you aren't taking any precautions to protect the security of your data, either because you can't afford to or because you don't know how to, then it may well be no *worse* for you to store your data on a Google server. But if that's the case, you don't care about security anyway, so Google's entire claim is moot.
Either or? (Score:5, Insightful)
Why should we be concerned only with security/privacy of data OR the actual location of the storage? Can't we care about both?
They don't believe it themselves (Score:5, Insightful)
How much are they willing to compensate me if they lose my data? What, they won't? Don't trust themselves?
location, location, location (Score:2, Insightful)
Google seems to be ignorant of the law (Score:5, Insightful)
First, it may actually be a legal requirement keeping the date in a certain jurisdiction. And second, any law enforcement or TLA access to the data will be governed by the laws of the place the date is physically stored. If the Google people do not understand that, one more reason to not hand your data to them.
PATRIOT ACT (Score:5, Insightful)
I care because I'm Canadian. If I keep my data up here it's not subjected to the almighty Patriot Act. Case Closed.
Why this "story" is terrible (Score:5, Insightful)
*sigh*. Okay. I thought it was obvious why this "story" is not quality discussion material, but I'll explain.
The article is presented as if its subject is Eran Feigenbaum's claim that "Professionals should worry about security and privacy of data, rather than where it is stored." But instead the article is a potpourri of quotations and facts unrelated to the main problem with the claim, which the article totally ignores. Any article on the subject of this claim needs to in some way establish that security and privacy can make location irrelevant, and I would expect the supporting statements of the article to do this, but nothing in the story even approaches this basic aspect of the claim. Instead, it is filled with a number of superficially-seemingly-related-but-ultimately-off-topic anecdotes.
After presenting Feigenbaum's main claim, the article presents a "supporting argument" by Feigenbaum: "He cited a meeting in Europe where he had tracked an email sent within an office as it bounced through five countries. In this circumstance, Feigenbaum said, security trumps data sovereignty." So email currently goes through a lot of countries when it is sent from one person in an office to another, where it is likely in plain text and can be read by any number of corporate and government entities. The only way this could possibly be construed as supportive of Feigenbaum's point is if read as "Email currently goes through many nations and it is secure enough". If read with any understanding of how the email system works, it undermines Feigenbaum's point.
Then the article has Michael Cloppert "support" the argument with the same type of claim: "I'm not convinced that the data location issue is a problem - after all, packets are routinely routed around the world irrespective of the export status of their content". Again, the argument is "this is what we're doing now, therefore it is secure enough". Actual security of information going through various nations is not addressed.
Then it presents the "other side" of the argument: There is no way you can know how Google is handling your data even though they assure you they are doing it well. And their contracts have lots of language that could excuse them from legal liability if that is not the case.
Then we go back the argument supporting Feigenbaum's main point. "He said customer data can only be accessed on a need-to-know basis". This does not support 5he argument that privacy and security make location irrelevant. "[L]ess than two per cent of Google staff had entered its top secret data centres". This does not support the argument that privacy and security make location irrelevant. "Google also stamped each hard drive with unique barcodes that allowed the company to track the lifecycle of data stored on each disk." This does not support the argument that privacy and security make location irrelevant.
Then we are presented with this: "But it did not encrypt data at rest, and had no immediate plans to introduce the protection." This makes it sound like location is very important to security and privacy--that someone could entire a facility by force and read the data.
The article acheives nothing other than quoting a single-sentence, questionable claim. It presents the claim, then a number of partially related statements that are presented as "discussion" of the claim but that actually have very little to do with it. I wouldn't be surprised if the article twists what Feigenbaum actually said for sensationalistic purposes.
This article represents the worst type of "journalism".
Re:Encrypt it then (Score:4, Insightful)
Just because the people in charge of your bonus are unreasonable does not suddenly mean that shipping the data off is suddenly reasonable. You might choose to make an unreasonable choice for personal financial gain, but from a data security standpoint, it's still unreasonable.
Re:Encrypt it then (Score:4, Insightful)
Sensitive or no, Google has no right to snoop on your data.
Yes, you're right, Google has no right, and Google doesn't snoop on your data...
Google will just hand it over to any Federal agency, pretty much on a whim, because said agency heard a rumor that your farts smell like a terrorists, and they will snoop on your data. Spank you very much Patriot act.
And all this talk of encryption is laughable for the same reason(like THEY don't have the keys to the commercial encryption "castle"?), unless you are willing to go well above and beyond any semi-standard keylength (like 4096+) to at least offer some level of difficulty.
Re:Encrypt it then (Score:4, Insightful)
Even Google doesn't believe that it doesn't matter where the data is. When Kazakhstan said all .kz domains had to be hosted in that country, Google just walked away from providing Kazakh-tailored search. "If we were to operate google.kz only via servers located inside Kazakhstan, we would be helping to create a fractured Internet," said Google senior vice president for engineering Bill Coughran.
I hesitate to agree with Gartner about anything, but you can't trust that Google won't not only turn over your data to any jurisdiction that asks, but will likely cooperate with and not try to contest virtually any sort of court order or even law enforcement request. With a government-agency level of threat model, though, you shouldn't be storing information on computers that are ever hooked to the internet.