The banking & cloud connection

Some people are very worried about their data. They contend that data stored in the cloud is open to advert targeting, compromises legal ownership, open to theft and abuse (multi-tenancy arguably making this easier), legally accessible by many Governments and not exactly open (i.e. in silos) in terms of passing data between organisations. All of this is oppressive, reduces flexibility and is ultimately little different to proprietary software.

These feelings are attributed to practical experience, distrust of large organisation motivation, appreciation that data centres are inevitably farmed out to third-world countries and doubts over centralised security. On this latter point, certainly hackers could break your firewall accessing your personal data but the effort/risk simply isn’t worth it just for you. The same effort/risk for millions of people’s data is a different matter entirely (not exactly like locking your door when you’re not at home).

Cloud vendors including social networks aren’t (understandably) forthcoming about their security protocols. Key targets for security concerns are Google/Facebook since they have been most successful at getting our data to date.

People evidently believe they want control of their own data back. What options do they have? There are parallels here with the start of banking: 

1. Leave it where it is but demand more visibility/control. Cloud vendors can expose detailed controls to the user e.g. privacy/security/access/ownership etc. Some options free, maybe some on a payment scale e.g. reducing the level of advertising/data mining. This is complicated for consumers especially since they need to do this consistently across several services. They like things nice-and-easy.
2. Take it back. Putting your data back into your own network is impracticable. You need to remove duplicates, comply with legalities, elect who can access it, keep it current, ensure its connected to the newest services, access it remotely through your firewall, tag it, back it up, archive it, analyse it, share it and maybe sell it. You need USB keys to move data around and you’re at risk of direct physical loss/theft. You need to handle all this using common standards (so you know it can be accessed in future). Directly controlling your own data is a lot of work for all but the most paranoid/justifiably wearisome.
3. Leave it where it is but apply competitive pressure. Data portability allows you to pull your data out of one site and put it into another at will. This too is convoluted. It is also somewhat of a nuclear option in that consumers won’t actually do it unless cloud abuses are so flagrant (and widely reported) that they feel compelled to and competing sites exist that can import it using a common format and their friends do it too i.e. almost never. The threat of it is arguably enough to keep cloud vendors mostly honest. Despite making in-roads over the last year, Facebook comes in for most criticism here (since at time of writing, it doesn’t allow you to download your social graph or emails). Google with Chrome OS though will surely trump this (due to its sheer cloud nature) when released.
4. Leave it where it is but apply third-party pressure. It is still unclear how much pressure third-parties such as the Cloud Security Alliance, ENISA, general certification or indeed entire Governments can realistically muster against distributed clouds operating under multiple jurisdictions.
5. Give it to a specialist. A mostly utopian ideal is the concept of the personal data locker. This focuses on holding your identifying information, financial credentials and personal information e.g. allergies/airline seating preferences centrally online with a trusted dedicated organisation. With your permission, companies/services you subscribe to e.g. social networks pull data from your locker – each using it for their own value-add functions. It could also act as an agent – storing your purchase criteria - providing deals to you and perhaps even trading your data on a open market for a return.

Continuing our banking analogy, personal data becomes less about control and more about oversight, trust, commoditization, service differentiation, commission and regulation.

The obvious missing element with cloud/data is an open market for trading – much like banking/cash relies upon today. Google are fine getting into Enron-esque energy trading to moderate their data centre energy requirements. Why not building the foundation for a data trading market? They are ideally placed to analyse, quantify, monetize and then sell data. Will someone else steal the lead much like Facebook did with our social graph? Building a data trading market might actually allow them to build on Facebook’s social graph and make real money trading. It would create a commission-based eco-system where much needed data integration/consolidation/MDM could be funded. In this world, Facebook are relegated to merely banknote printer. 

Which consumer model above will prevail? Much like retail banking at least they all will. There’s no silver bullet. Some people prefer direct control/hoarding/easy access, others will trust specialists as they are too busy (and pay for the privilege), others will lobby Government (maybe they closely identify w/ a particular ideology).

Cloud has been around for ages (pre-1990 it was called - Terminal). It is only in the last decade though that there has been both a wealth of data and the widespread desire/capability to do something with it. An open data trading market is needed to consolidate and then drive forward personal data management.