Lots Of Cloud Risk, But No Cloud Insurance
Dropbox and Box have something like 400 million customers between them.
My sister told me today that she has scans of all of her ID´s, bank statements, personal files and her family photo archive stored in Dropbox, my brother-in-law uses Box for his small business.
I asked her how much she thought all of that was worth to her and the answer she gave me after thinking about it for a few seconds was “priceless”, I asked him and he answered “my entire business”.
If Dropbox´s and Box´s 400 million or more customers are anything like my sister or brother-in-law, then they safeguard the digital crown jewels of hundreds of millions of individuals and small businesses.
Box are much more business focused than Dropbox, they host files for approximately 40–50% of the Fortune 500 and have tens of thousands of paying customers who are usually businesses rather than individuals.
Collectively thats hundreds of millions of individuals and millions of businesses that store their files in Dropbox and Box.
The problem I have with this is that Dropbox or Box completely absolve themselves of all responsibility for keeping your data and files safe from theft, loss, cyber attack in their terms and conditions, its scandalous.
They want you to pay them and store all of your files in their cloud, but they take absolutely no responsibility if there is a cyber attack and your files are stolen, it says so clearly in their terms and conditions.
If bad cloud stuff happens its not their fault, also there is no SLA.
Any cloud provider worth their salt usually offers an SLA to their customers that guarantees service levels and things like uptime, security and backups.
Microsoft do, so do Amazon and so do Rackspace, but not Dropbox/Box.
That is not to say that one cloud service is better than the other, but just that they are Dropbox/Box are not doing something other cloud providers deem essential, promising minimum service levels.
At least the other large cloud providers do offer an SLA, but that is not much good either as most of the time as probably the SLA is a Lie.
What we actually want, not just for our personal cloud files, but business too is cloud insurance.
When I rent a car, I pickup insurance and because I travel a lot, I buy travel insurance. In pretty much every aspect of my life where risk exists, I have insurance to cover it, house insurance, car insurance and medical insurance.
But when it comes to some of our most valuable possessions, our personal and business files, not only do we trust them with people who seem to not care about them (judging from T&C´s), but we fail to insure them.
Its not our fault, when we buy cloud storage, the cloud providers completely fail to offer us sort of protection whatsoever, let alone cloud insurance.
Do not worry they tell us, we have cyber insurance.
Not only that, their cyber insurance is underwritten by Lloyds of London and covers us for up to 20 Million in damages should the worst happen.
They tell us that their organization is insured against the risk of bad things happening to their cloud and that their company will have funds made available to them by their insurance company to put things right.
What they do not mention is that their insurance does not extend to our data and files, they do not mention that their insurance will not financially recompense us if your files are lost or are stolen.
If we want financial compensation, then we need to hire lawyers.
As cloud customers, we seem to ignore the fact that they have failed to mention this and decide that the risk of moving all of our stuff to our cloud is worth taking, but I have no idea why we do, its kind of nutty really.
Even the most basic cloud consumer protection does not exist right now.
There are inherent risks in using cloud services, major cloud providers quite often suffer from cyber-attacks, downtime, data loss and data theft, its something we see more and more on the news, clearly an increasing trend.
Cloud risk is everywhere, but cloud insurance is not.
Cloud risk is everywhere and its the customers that carry that risk financially, not the people profiting the most from the cloud industry and those who do actually have insurance, the cloud providers.
No major cloud provider currently has a mechanism, agreement or plan in place to financially compensate their customers for downtime, cyber attacks, data loss or good old fashioned theft, not one of them.
Even worse they shift the responsibility for any of this risk onto their customers and then forget to tell their customers about it.
78% of businesses experienced a data breach in the last two years and recently published research by a European Security Agency has led it to warn, “The proliferation of cloud computing and the sheer concentration of users and data that cloud providers have are definitely an attractive target for attacks”.
Cloud providers are clearly very attractive targets.
The complete failure of the cloud industry to make its customers aware of the potential risks is scandalous, but when you also take into account that they also offer no insurance or protection, its borderline criminal.
Cloud risks in the form of data loss, cyber attack, downtime and theft are increasingly affecting more and more of us, but none of us have cloud insurance or any basic protections if the worst case scenario occurs.
There is a big gaping hole in the cloud industry where cloud insurance should be and its going to suck millions of cloud users into it if we leave things as they are and carry on ignoring the risks.
Nobody in the cloud industry is talking about cloud insurance, or the need to insure those digital assets of incalculable worth that we place into the cloud and under the cloud providers guardianship.
Something has to be done, but first we have to talk about it.