Do Internet companies keep your data safe?

You have probably come across the scandal that has drawn incredible media attention lately involving PEN America, The Guardian, The New Yorker and ArtNet. Entire blog and Gmail account of a famous artist Denis Cooper were deleted by Google without a warning. His 14 years of original work has vanished without a trace.

Incidents like these remind us that no man is invincible and no cloud is too big to fail. This raises a legitimate question is your data safe in the cloud?

If it’s up in the cloud it may go down.

We all got used to keeping our data on the Internet — our articles on Medium, our discussions on Reddit, our resumes on LinkedIn, our photos on Facebook, assuming since everybody uses them, they are failure-free. If your platform runs smoothly, it still does not cancel Lubarsky’s Law of Cybernetic Entomology, that says “There is always one more bug,” meaning it’s just not possible to write an error-free program. In view of the fact, that every year approximately 4 cloud storage service providers go out of business, even the biggest might vanish along with your data. Nothing lasts forever and while a cloud is always at your fingertips ready to absorb enormous aggregation of information, it is just as vulnerable as everything else on the Internet to cyber threats like DDoS attacks, malware injection, account hijacking, server failure and the like. Come to think of it, if a cloud shuts down the hosting provider does not have to transfer your data to another one; at the best, it will simply return it to you before you find another provider.

If you don’t own it — you don’t control it.

Since you don’t own the server, you are on a guest privilege, abiding by the rules of the host, who can kick you out at any time. Dennis Cooper is updating the story of deleting his blog on Facebook, “On Monday, it will be a month since Google disabled my blog and email account. They continue to offer not a single word of response to me or to anyone.” Why should they? As Andy Baio wrote in 2015 about Google abandoning once cherished the past, “As it turns out, organizing the world’s information isn’t always profitable. The desire to preserve the past died along with 20% time, Google Labs, and the spirit of haphazard experimentation. We can’t expect for-profit corporations to care about the past.” The bottom line, Internet corporations are far from being the Librarians whose mission is to protect a secret collection of artifacts, so you cannot rely on them to save your data forever.

If you don’t have offsite backup you don’t have any.

Nevertheless, as CloudTech reported this July the research, conducted by analyst house, “which surveyed more than 300 small to medium US businesses to measure the benefits and challenges of cloud-based backup, found that 87% of respondents said online backup was either equally or more secure than on-premises equivalents. Only 2% argued online backup was much less secure.”

Some of us already celebrate the World Back-up day remaining blissfully ignorant about backup practices at the cloud storage service providers. The backup system in most cases comes down to copying data to another file in the same data room so that a power failure or other calamity might very well destroy it together with the original.

So hear Dennis Cooper, who has learned it the hard way, “I definitely realized how unbelievably lazy I was not to back it up. It was a complete delusion that I wouldn’t have to worry about it because everything had gone so smoothly. If I do get the blog back I’m going to move it to my own domain. I would not advise people to put stuff in the cloud and think it’s safe.”

If you delete it, you don’t destroy it.

Just as saving information is a part of keeping it safe, destroying it is of no less importance. This is a good reason why many offices dealing with sensitive information were equipped with not so long forgotten shredding machines. This is the reason a question arises, is it actually gone for good, when you ask your storage provider to delete it?

Cloud providers don’t free the memory manually the moment you ask for it. They use a garbage collection memory management, where first you mark the data and later actually sweep it. How much later? As Wikipedia puts it, “The moment when the garbage is actually collected can be unpredictable, resulting in stalls (pauses to shift/free memory) scattered throughout a session.” According to the survey by Mark Henriques and James Ding, “Most of the tech giants imply that data will be unavailable after a period of time. Some specify the duration — 90 days for Facebook, and 60 days after account inactivity for Microsoft. Others, like Google, Dropbox, and Amazon, do not state a period at all.”

That is unacceptable for many industries binding themselves to keep confidential sensitive information, such as medical records, personally identifiable financial information, passport or Social security numbers, bank credentials, trade secrets, customer records etc. Healthcare, insurance, financial institutions and online stores dealing with highly sensitive information are better off to settle for solely dedicated servers that can provide the highest security level, and full control.

If your business needs dedicated servers operating 24/7, while cutting on internal IT costs up to 50%, it might be wise to settle for an IT outsourcing. A good server management company will help you with all sysadmin issues, providing security and performance tuning, “squeezing” the most out of both hardware and software. If you mail to your IT requirements (including existing configuration and migration plan) you will receive a custom-tailored offer.

Originally published at