09 Jun 2013
Bringing it All In-House
Everyone loves “the cloud“, don’t they? Having someone else manage all of your online services for you just seems like heaven — especially if they’re free. You don’t have to worry about anything, just turn up, logon, and do whatever is it that you want to do.
That all sounds fine, but recently I’ve been thinking long and hard about the implications of having my data being owned/handled by a third party. For example; all of my emails, contacts, and calendar are stored on Google’s Apps cloud. All of my passwords are stored on LastPass, and all of my data, photo’s and music are stored in Copy.
So on the face of things this is all great, I don’t have to worry about any of my data going missing, being misused, or me not having access to it. But you see, I am worried. Let’s say Google decide to turn off their Gmail servers tomorrow, or LastPass have enough and close their doors. Copy are quite a new startup, so what if they don’t make it? My data is on their servers, so it’s at the mercy of these vendors.
Agreed, it’s very unlikely that any/all of the above will happen any time soon (if at all), but that’s not to say that it’s impossible and never will happen. For example, below is a quote taken directly from the Google Apps Terms of Service (of which I have agreed to by signing up):
“By using Google services, you acknowledge and agree that Google may access, preserve, and disclose your account information and any Content associated with that account if required to do so by law or in a good faith belief that such access preservation or disclosure is reasonably necessary to: (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce the Terms, including investigation of potential violations hereof, (c) detect, prevent, or otherwise address fraud, security or technical issues (including, without limitation, the filtering of spam), or (d) protect against imminent harm to the rights, property or safety of Google, its users or the public as required or permitted by law.”
This quite clearly states that Google can access my account any time they want to, but not without good reason it would seem. That’s nt the point though, the point is that they have the power to access my account whenever they want. The terms go on to say the following:
“You agree that Google has no responsibility or liability for the deletion or failure to store any Content and other communications maintained or transmitted by Google services. You acknowledge that Google may have set no fixed upper limit on the number of transmissions you may send or receive through Google services or the amount of storage space used; however, we retain the right, at our sole discretion, to create limits at any time with or without notice.”
So say that Google have a massive hardware failure (unlikely but not impossible), or a major hack/attack. Then this paragraph completely absolves them from any responsibility for your data loss. What they’re basically saying is “you can use our service, but we can change it at any time, and if something goes wrong, it’s not our fault”.
Don’t get me wrong, I’m not picking on Google. These are pretty standard terms that a lot of online services require you to agree with. Most of it is just legal mumbo jumbo to cover their own backsides. But the fact of the matter is that these companies do have this power and can enforce these powers if they want to.
Let’s bring it in-house
So all this has got me thinking. “Do I need to be subjected to these rules?”. Well the simple answer is no, I don’t. I have my own server which has plenty of room to spare for other services like email, a password vault, or a personal cloud like ownCloud. But there is a price to pay for this.
The responsibility lies solely with me. I’m responsible for the server, the infrastructure, and the service. So I need to ensure that everything is fool proof — especially if other people like friends and family are using the service also. But I can do that with backups.
So now I’m at a cross roads. Do I move all my services to a self-hosted, in-house system that I fully own and run myself. Or do I stick with what I have and just hope that the unlikely event of these services becoming a thing of the past never comes to fruition?
I’d love to hear what other people think about this. Note: I’m not really interested in hearing people go to town on privacy law, PRISM, or the fact that corporations may or may not be spying on us. It isn’t about that, it’s about services being turned off.
Have any of you guys considered going ‘in-house’? Or are you already running ‘in-house’? If so, I’d love to hear what you have setup to replace the big these common services…