Google Asks 'Who Cares Where Your Data Is?' 241
mask.of.sanity writes "The chief security officer for Google Apps, Eran Feigenbaum, said popular concerns over data sovereignty in outsourced environments are unwarranted. He said businesses should worry about security and privacy of data, rather than where it is stored. The comments clash with those made by IT pros including Gartner, who said cloud providers like Google can't be trusted with sensitive data."
Re:Gartner says this? (Score:2, Interesting)
By now when I see that Gartner is at one point of an argument, the other party immediately gains points for acting against Gartner. It's starting to be like Godwin's law; once Gartner chooses your side, you loose :)
It all comes down to TOS. (Score:4, Interesting)
I'm not comfortable keeping data entrusted to me on a provider who can walk away from a data loss with no penalties due to the Terms of Service.
At least when it's on my systems, someone is going to take a fall for data loss, even if it's me. And I'm OK with that.
Re:Encrypt it then (Score:5, Interesting)
Sensitive or no, Google has no right to snoop on your data.
Besides, what may not be sensitive when you've got it, can become sensitive when someone else has got it.
For example: you and a friend both own half of a secret password. One piece alone is worthless, so you don't mind if Google knows your half. Similarly, your friend doesn't care if Google knows his half. Result: Google knows both halves.
What's true for passwords is also true for people's information profiles in general. Company A might know where you buy diapers, company B knows what movies you watch, company C knows your address, etc.
Re:Encrypt it then (Score:5, Interesting)
Even if the data is encrypted, if you're using a virtual server in The Cloud, then the server requires the key to decrypt it, and anyone with access to that virtual machine can then read the data.
Encryption would only make the data safe if you're reading it back from The Cloud, processing it, and sending updates back to The Cloud. Which would seem an odd way to do things unless you want to have access to the same data from multiple sites around the world.