Trust in the Cloud

May 24 2014 Published by under information policy

That's not a "you should... ", that's a "do you...", or "should you..."

Centralization of IT services has the potential to save a lot for better quality support. Instead of little groups of servers in re-purposed closets or even decommissioned bathrooms, services are provided out of centralized data centers with UPS and backup power, expert support, etc. A local Maryland county library system is losing its IT - they will all be moved to the county IT department. While I have concerns that the larger department will understand how library systems work - that might be a good thing. Instead of special snowflake IT folks, there will be professionals that can cross train and have more backups. In academic institutions, the servers might be co-located, and the server maintenance might be done by a centralized IT, but there may be library systems employees that do the configuration, customization, and maintain the data.

Goodness knows there were plenty of stories of backups being done manually (or not being done) and also stories of people tripping over power cords, and oh, where I used to work (pre-library days) there was even an asbestos incident trying to put a vent in the decommissioned janitor closet door where the servers were and where they were overheating.

from, This work is licensed under CC BY-NC-ND

from, This work is licensed under CC BY-NC-ND

To take that one step further, maybe software as a service makes a lot more sense. Then you've got bigger data centers, with even more specialized staff (specialized in running data centers), fail over plans (you hope), and service level agreements for availability.  Libraries generally have good internet. For things like discovery services, this makes a lot of sense to me. For catalogs - I can see it if you're a small organization. I think MPOW is doing this for recruiting software, IT ticketing, and evaluation software (lab-wide - so not just library).

But... when you license a software as a service type thingy or cloud hosted application or whatever the real name for it is... do you do due diligence to check on the security? Do you know that your data that you are required to keep private (patron records are controlled by law in some states) are kept private? What availability is promised? Have there been major outages or (gasp) data losses - what happened and what will prevent that in the future? Can you get your data back out? How is the service paid for  - is it metered so if you use more, you pay more? Where exactly are the data centers? Does your employer have rules about your data being overseas? See more explanation of some of these things here ( )

With all that said, how about you personally? I know a famous librarian who has pulled her stuff from Google servers for various reasons. Amazon web services have had some outages. Most concerning is the recent issue with Dedoose, a software to help with qualitative research. I thought Dedoose sounded awesome and the way you pay for it sounds much more reasonable than the competitors. However, in early May, they had a big big problem. Inside Higher Ed has more on it here.

It sounds like some people might lose weeks worth of coding and analysis. Presumably people would still have the raw data that they had to import originally, but that is a lot of work. People more knowledgeable than I suggested their original set up wasn't sound. I don't know, but if there are all these changes they can make now to make it better, sounds like it wasn't all that.

More broadly - do you trust the cloud? should you? Just because it's a large company doesn't mean they know how to do cloud well. Just because it's a small start-up doesn't mean that they don't. It's not really reasonable to keep local copies of certain things. Maybe multiple cloud services for backups - but make sure they aren't both just front ends for the same cloud! Oy.  I feel for the people who lost data.

Comments are off for this post