Not all that long ago, the concept of data ownership was a total nonissue. Most organizations stored their data in their own datacenter, and the question of who actually owns the data was hardly ever asked. Today things are different. Cloud services have become the norm and have occasionally called into question who actually owns (or can use) an organization’s data.
Who owns your data?
The reason why the issue of data ownership has become somewhat unclear is because oftentimes organizations are not in direct possession of their data. There is an old saying that possession is nine-tenths of the law. Right now, businesses and consumers alike seem to be wrestling with the question of whether possession of data equates to ownership of that data (or if not outright ownership, then a license to use the data).
Let me give you an example from the world of consumer electronics. A company named Ring sells video doorbells to consumers. When activated, these doorbells send a live video feed to a smartphone, making it possible to see who is at the door.
So before I go on, I want to clarify that I am not suggesting that Ring is doing anything wrong, or that they are trying to improperly claim ownership or use rights for anyone’s data. I am only mentioning Ring to illustrate the complexities of data ownership.
So now that I have explained what the Ring video doorbell does, who do you think actually owns the video data that the doorbell creates?
It would be easy for a consumer to assume that they own the recordings made by their video doorbell. After all, the consumer is paying for the device, and paying a subscription fee that allows them to record whatever the camera happens to pick up, and the recordings are being made at the customer’s own home.
On the other hand, the consumer is not in direct possession of the video data. Rather than storing video recordings on-premises, the Ring doorbells store video data in the Amazon cloud. So does the consumer own the data, or is it owned by Amazon or by Ring?
I will be the first to admit that I do not know who owns the recordings that are generated by Ring doorbells. I’m sure that the issue of data ownership is probably spelled out somewhere in a terms of use document.
SaaS applications
Even though I used Ring video doorbells to illustrate the complexity of data ownership in a cloud-first world, data ownership issues are by no means limited to Ring doorbells, or to consumer electronic devices. Consider how many business applications are currently available as software-as-a-service (SaaS) applications. In most cases, a SaaS provider hosts their SaaS application and also stores the data that the application generates. Microsoft Office 365, for example, stores Exchange Online and SharePoint data in the Office 365 cloud.
Whenever possible, organizations should back up their SaaS data. This not only protects the data against accidental loss, but it also provides the organization with a tangible copy of its SaaS data. Thankfully the major backup providers offer solutions for backing up popular SaaS applications.
As important as it may be to regularly back up your SaaS data, it is equally important to familiarize yourself with the SaaS provider’s terms of service. While it is true that SaaS providers likely store your data on encrypted storage, it is also likely that the SaaS provider maintains control over the encryption keys that are used when accessing the data.
In a perfect world, a SaaS provider would have no interest in their customer’s data. In reality, though, there is a very real possibility that a SaaS provider might derive some sort of benefit from their customer’s data. A SaaS provider might sell data (or insights into the data) to advertisers, government agencies, research analysts, or even your competitors.
Are we about to see a mass migration away from the cloud?
I recently attended a well-known technology conference. Although the information being presented by the various speakers was great, just as I knew that it would be, the most interesting part of the conference had absolutely nothing to do with the official curriculum.
While walking through the conference center I overheard someone (presumably a consultant) telling another attendee that lately, nearly all of his business was coming from companies that had bought into all of the cloud hype, but who now wanted him to help them move their resources out of the cloud and bring those resources back on-premises.
Being that I was just passing through, I didn’t hear the entire conversation. I assumed that the consultant had probably managed to tap into a niche market. I thought that perhaps he had helped one client to get out of the cloud, and that word had spread and now he was helping other dissatisfied cloud customers to move their cloud-based resources back on-premises.
I have to confess that I really didn’t give any more thought to the conversation until later that afternoon when I heard a different consultant saying almost exactly the same thing. Throughout the conference, I heard at least four different people saying that helping companies to get out of the cloud was turning into big business for them.
If I had only heard one person mentioning helping people to migrate away from the cloud, I would have assumed that the person was servicing a niche. If I had heard two people talking about customers migrating away from the cloud, I probably would have dismissed it as a coincidence. But being that four different people were discussing migrations away from the cloud, one has to consider whether this might be a reflection of a larger trend.
Data ownership and the cloud
Of course, the larger, and more important question is what is driving people away from the cloud? Is the cloud failing to live up to the hype? Are people dissatisfied with the pricing model? Or, could the trend be tied to the issue of data ownership and data sovereignty?
The last few years have seen numerous allegations of big tech companies spying on the people who use their services. Regardless of whether or not these allegations ultimately prove to be true, I think that they have bred a measure of distrust for big tech. If that is truly the case, then it seems only natural that companies will begin walking away from service providers that they consider to be untrustworthy, opting instead to use a different provider or to move certain workloads back in-house. After all, data leakage and breaches can have devastating financial consequences, and companies simply cannot afford to take a chance on a cloud provider that plays games with subscriber data.
Featured image: Pixabay
