On Wed, Apr 25, 2012 at 10:38 AM, Brodie, Kent <[email protected]> wrote: > The Google policy on their DRIVE service is enough to turn me off, at least > for now. I already have dropbox, and it satisfies my needs wonderfully.
To quote a friend: "Comparing to dropbox' TOS - https://www.dropbox.com/privacy#terms - I suppose theirs read a bit clearer, but Google's are more precise; where DB say "you allow us to do whatever we need to do to provide the service", Google says "if you use our services, you allow us to do these things". I don't really know which way I prefer, but the effect is pretty much the same." On Wed, Apr 25, 2012 at 11:09 AM, Ryan Frantz <[email protected]> wrote: > I concur with Kent: I'll never use those services to store critical content > on a cloud-based storage service. They're convenient, to a point. But > convenience cannot trump security, especially if that's a major concern for > you (it is for me). Heck, I store sensitive content on my IronKey only > AFTER I've encrypted it with GPG. Perhaps that's a little much to some, but > I like to hedge my bets. So many absolutes in one paragraph! How do you define "critical"? Is "critical" about uptime or privacy? A lot of storage services provide better uptime than I used to provide my users at certain previous companies. A provider has contractual obligations about snooping your data with legal recourse: the data stored at past employers has no contractual standard. How many times on this and other mailing lists have sysadmins told stories of the CEO or other executive making them hand over someone else's private email or giving them access to someone else's files? I once met a sysadmin that proudly snooped the email of all the employees with no written permission and no actual rules about what he was looking for (which meant if you were on his s---list you got more examinations). In most of those cases there was no TOS other than "the CEO says he's allowed to do it". And lastly, we all believe when we store data we do it more securely than others but how many people here actually do all the right things required to properly handle their certs, passwords, and so on? I used to feel the same way: I would never put critical information on someone else's server. Then I worked for a CEO that wanted to use SalesForce.com. OMG! Our valuable, valuable customer data! Sales information! Customer lists! Financial data! I fought against moving to Salesforce but the CEO said "managing risk is the responsibility of the CEO. You're job is to inform me of the risks. I've taken them under advisement." Well, switching to Salesforce.com turned out to be one of the best things that company every did. It turns out nothing in this world is black and white. The value of the features in Salesforce.com and the value of being able to access that data from anywhere was much more important than the risk that SF would violate their ToS. We, as system administrators, often forget that these trade-offs exist. There are no absolutes. Tom -- http://EverythingSysadmin.com -- my blog http://www.TomOnTime.com -- my videos _______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
