Should Cloud Computing Service Providers Screen Potential Customers?
The World Wide Web is full of articles advising consumers on what they should look for when choosing a cloud provider, how they should negotiate contracts with providers, what danger signs they should be aware of and a plethora of other advice. However, an extremely illuminating article that I read recently on IT World (See: What should cloud providers know about their customers?) made me think from the other side of the fence – “Should cloud computing service providers screen potential customers?”
Many would consider this line of thinking ludicrous. After all, what business it is of cloud providers to screen customers, as long as they pay for services rendered? Do other sellers of goods or services screen customers? Turns out, many do. If you were to go to a bank and open a safe deposit box, the bank will definitely run a background check even if they don’t scrutinize what you actually keep in that deposit box. Whether we like it or not, we live in dangerous times where criminals and terrorists are getting increasingly sophisticated by the day. Therefore, vetting customers who would be granted access to systems that are used by other customers to store confidential and proprietary information may not be unreasonable.
There are other considerations at play here. Under the PATRIOT Act, American investigating agencies have sweeping powers of search and seizure that extend to the realm of cloud computing as well. Whether we like it or not (See: Is Cloud Computing a Threat to Consumer Rights? ), whether it adversely affects business or not (See: Your Data in Australia is subject to the US Patriot Act), companies have to follow the law. While I am not a lawyer, I am sure that the FBI wouldn’t look kindly on a cloud provider who takes on a terrorist organization as a customer.
Finally, there’s the matter of being accountable to shareholders and other customers. All cloud computing companies have terms of service that must be adhered to. In that light, preemptive screening may actually help reduce monitoring costs and prevent Amazon’s WikiLeaks fiasco (See: Cloud Computing and WikiLeaks: Was Amazon’s action justified?). Please note that I neither endorse nor condemn Amazon’s actions in this regard, but am trying to present a balanced opinion.
As it happens, some companies are already thinking along these lines. The aforementioned article that set me thinking mentions a blog post (See: IBM Vets IaaS Customers To Ensure Security) which reported an interview with an IBM executive who was quoted saying, “An individual can’t simply sign up with a credit card” to use IBM services. Rich Lechner, vice president of cloud for IBM’s Global Technology Services unit, stated that IBM monitors the identity of each customer using its cloud service so that they know “who is in the building.”
Other organizations did not categorically deny such screening. Amazon Web Services spokesperson Kay Kinton had responded to an email saying, “We do not inspect customer data,” but then mentioned the use of “sophisticated screening up front to protect against fraud and abuse before customers are allowed to consume our services and then to scale.”
Personally speaking, I would not be surprised if some screening procedures are already in place. As for the justification of such actions, I will let you decide.
By Sourya Biswas