15 posts categorized "Cloud"

Circling back on Dropbox

Because a couple of years ago we unpacked, in a post here and in a follow-up post, the details in that devil of an iteration of legal terms of service from Dropbox - a version that had users worrying that the company would mine their uploaded files for nefarious corporate purpose - I thought we should circle back and formally acknowledge that Dropbox has (again) received high marks from a famous, progressive privacy watchdog, the EFF.

Here's a link to a new, 2013 iteration of the EFF report, "Who Has Your Back: Which companies help protect your data from government?"

Dropbox gets five stars out of a possible six. Only Twitter and Sonic.net score better.

Dropbox icon(True, I'm comparing an apple and orange here. The ToS flap was over how Dropbox might monetize user content. The EFF report is about actions and policies Dropbox takes and follows with respect to government demands or requests for user content. Not the same thing.)

And here's a personal endorsement.

I get a lot of mileage out of Dropbox. It's a terrific service, and so far they haven't asked a thing of me, not even to expose myself to ads. So far, when I've hit my storage limit, I take that as an occasion to cull folders and big files I no longer need.

Thanks to Ken Priore for a tweet that gave the heads up.

Insurance take on Cloud risks

Here are some points picked out from a talk by Seattle lawyers David Brenner and Bruce Goto this morning:

  • "Notice [of data breach] is the big driver of liability." This based on the two or three years of case law since the advent of the era of huge data breaches.
  • Lesson would seem to be, defeat class action lawyers by being good about notice. Though notice not a cakewalk: 47 state notice statues to comply with in US alone. Damage to reputation expensive to deal with in other ways, too.
  • Microsoft really figuring this stuff out from a risk management perspective, though industry as a whole still developing.
  • Don't assume cloud industry practices on data management meet legal standards on "exspoiliation" (this has to do with litigation and rules on the integrity of evidence).
  • Negotiating good contractual provisions is not as important as doing diligence on the provider. Ironically, the cloud service providers you may have more negotiating leverage with may be the riskiest to trust your data with.
  • You can try, but best vendors aren't likely to change their provisions on IP, warranty, indemnity, caps on liability. Your efforts likely better spent negotiating price. "These [cloud service agreements] are the new end user license agreements, in many ways."
  • Relative to new forms of activity, insurance industry cycles from old forms of insurance, to express exclusions, to restrictive forms, to new revised coverage. Insurance industry is now at point of issuing restrictive forms of coverage. Claims today are being litigated under old forms and terms of first generation exclusions.
  • No standardization yet of cyber insurance, though new policy categories surfacing: tech E&O; media; privacy; and security.

Errors in hearing or interpretation are mine.

King cloud

Photo: Karen Ka Ying Wong / Flickr.

AWS marketing event

Monday night this week I went to an AWS meetup in the South Lake Union area.

My ability to navigate and make use of AWS is quite modest. I have a static website on S3 that I use as a personal profile. I also store pictures and serve up some JOBS Act materials and other documents from S3 (though, when it comes to documents I post for linking to from this blog, I often just use Dropbox).

But I want to learn to do more and "self provision" more. This Seattle restaurant list, inspired over the course of an M&A closing celebration dinner, is my latest modest effort.

All by way of saying that the specific information presented at the AWS meetup was beyond me. During the presentation I happened to sit next to a woman I know, an engineer versed in databases, and she understood everything. Part of the discussion was about making sure that the parallel instances you are running of your application are on servers located in different physical locations. She asked a question about pricing that revealed she had already been working with these features.

I'm still working on how to link different pages in a bucket to the index file!

There's a sense of community at these AWS events that I like. Not community in the sense of people who already know each other or live next-door to each other or work in the same building. Community in the sense of shared interest about the frontier of self empowerment.

AWS marketing event

AWS Senior Evangelist Jeff Barr presenting.

Day One

Last night I went to a public relations event put on by Amazon Web Services in the middle of their South Lake Union campus. (Shout out to my friend, the amazonian IP lawyer, Hillary Nye, who went with me and talked to 5x as many people.)

2011-10-04_18-39-19_88I love the energy in the South Lake Union neighborhood. Sure, the architecture should have been more ambitious, but the countours of the neighborhood retain the character of the area's light industrial warehouse past.

I hear from several sources that things on Microsoft's Azure run faster, but what really epitomizes the cloud better in the popular mind than Amazon Web Services?

Hillary and I arrived late, but we grabbed beer and negotiated our way to the sausages and pretzels - left of the stage where an AWS evangelist was already speaking. Hillary struck up a conversation with a laid back woman standing by the pretzels, and we bantered with her about the event, the food, the new Kindle, what not. Hillary offered to get her a plate of food, but the woman said she would wait till she was done speaking. Turns out she was Alyssa Henry, in charge of storage services on Amazon's cloud! That's her speaking on the left, below.


Everything is in Seattle's backyard, virtually and physically; and the people making and managing everything, they hang out here, too.

2011-10-04_18-38-30_847The locus of American history is in lower Manhattan. The locus of America's digital future is in Seattle. California is an afterthought.

AWS Termination Provision

This tweet from the Hacker News Bot, that "Amazon announces AWS GovCloud for U.S. government agencies," made me want to peek at the current termination provisions in the AWS Customer Agreement.

Rolling Stones - Get Off Of My Cloud(Because, well, what if the government failed to pay its bill? Or did something else to violate Amazon's terms or get itself kicked out of Amazon's cloud? Hopefully the Treasury has some pull with the Department of Defense and the latter has some excess capacity to carry essential government services.)

Here's what the AWS Customer Agreement says currently about Amazon's right to terminate services:

"We may . . . terminate this Agreement immediately upon notice to you (A) for cause, if any act or omission by you or any End User results in a suspension described in Section 6.1, (B) if our relationship with a third party partner who provides software or other technology we use to provide the Service Offerings expires, terminates or requires us to change the way we provide the software or other technology as part of the Services, (c) if we believe providing the Services could create a substantial economic or technical burden or material security risk for us, (D) in order to comply with the law or requests of governmental entities, or (E) if we determine use of the Service Offerings by you or any End Users or our provision of any of the Services to you or any End Users has become impractical or unfeasible for any legal or regulatory reason."

An "End User" is "any individual or entity that directly or indirectly through another user: (a) accesses or uses Your Content; or (b) otherwise accesses or uses the Service Offerings under your account."

The referenced Section 6.1, describing the suspension which may also trigger outright termination, states:

"We may suspend your or any End User’s right to access or use any portion or all of the Service Offerings immediately upon notice to you if we determine: (a) your or an End User’s use of the Service Offerings (i) poses a security risk to the Service Offerings or any third party, (ii) may adversely impact the Service Offerings or the systems or Content of any other AWS customer, or (iii) may subject us, our affiliates, or any third party to liability; (b) you are, or any End User is, in breach of this Agreement, including if you are delinquent on your payment obligations for more than 15 days; or (c) you have ceased to operate in the ordinary course, made an assignment for the benefit of creditors or similar disposition of your assets, or become the subject of any bankruptcy, reorganization, liquidation, dissolution or similar proceeding."

So if the standard terms apply to a government, then the answer to my parenthetical question would seem to be that, yes, Amazon could kick the government off for nonpayment. Or for other broadly stated reasons.

But I imagine the AWSGovCloud service will have its own special provisions that override the default customer agreement. (Some supplemental terms for specific AWS services can be found here, but I don't think special AWSGovCloud terms are there, or were not as last night.)

Property Is Not the Right Metaphor

As a society, we haven't yet found an adequate metaphor for the disparate interests that mash together in the data centers of cloud providers.

The New York Times reported Tuesday that the FBI had seized servers in a data center in Virginia, causing the businesses of several (apparently) non-targeted companies to go offline:

"Mr. Ostroumow said that the F.B.I. was only interested in one of the company’s clients but had taken servers used by 'tens of clients.' He wrote: 'After F.B.I.’s unprofessional "work" we can not restart our own servers, that’s why our website is offline and support doesn’t work.' The company’s staff had been working to solve the problem for the previous 15 hours, he said."

He may have also said that "our attorney is also at work."

Screen shot 2011-06-21 at 6.45.52 PMRemains to be seen who the FBI is pursuing, but it already appears that the seizure was excessively overbroad and could hardly stand traditional due process scrutiny.

A root problem may be that we're taking property metaphors too much to heart and don't have ways to think about the appropriate workings of police power in the cloud. The metaphor of property doesn't really apply. A server is not a house, or an apartment, or a garage, or a trunk, or even a cell phone. While a given server in a data center has physical dimensions, it functions more as a kind of anti-property. It's a curious thing, to have the form of an object, while representing something without a fixed location, a place in space.

I don't know what the right metaphor is but my sense is we should shift the police power back to a focus on persons and their offline habitats and away from the cloud.

Data Centers = Sexy Business

At a public event on the Amazon campus last night, James Hamilton of Amazon Web Services said there's been more innovation in data centers in the last five years than in the prior 15.

He explained why in a way that sounded less like Amazon was prescient, or brilliant, or simply leveraging excess capacity, and more like the company was simply innovating around the problem at the center of its business.

2011-06-07_19-18-02_12The sweet spot for an insurance company is in assesing risk, he said; for a hedge fund, in analyzing a market. Those and other businesses need data centers but won't find the management of them interesting. Amazon's core business is in a very real sense all about managing data centers. Innovate there well enough, at a large enough scale, and you have, not the cost center that others see, but the discovery of what makes Amazon's own business interesting.

Scale does odd things. A data center of moderate size, Hamilton said, might have 10 servers here, 5 of another type, a dozen of a third, running a variety of different platforms and applications. It would be stupid not to have people running the data center "manually." Take the scale up into the hundreds and thousands, and it would be stupid not to automate absolutely everything you possibly could. And yet, ironically, because at the scale of AWS or Microsoft's cloud personnel costs go to zero, you will pay people well to iterate on every small improvement they can develop for the system.

An example of how Hamilton sees miniscule concerns in high definition with surround sound: "Air is an incredibly expensive fluid to move," he said. He talked about what the industry is doing to realize "air side economization" in keeping data centers running within acceptable temperature ranges. Many today, he said, aren't air conditioned at all. How high can you raise the temperature of a data center? The answer to that, he said, "requires courage, and lots of data."

Everything to date has been about the servers, Hamilton said, before predicting that a sea change in networking comes next.

Photo taken more or less from the heart of Amazonville last night.

Related Posts with Thumbnails