Bold statement? I was a bit surprised at the conclusion myself. But, let’s take a deeper look.
I’ve obviously made certain choices regarding storage, and have done my own comparisons at certain points in time, but was prompted to update my thoughts after a recent tweet by Chris Mims of the WSJ:
Strong words from Chris, but they ring true. It’s easy to forget that your device can be stolen, and your typical protections (e.g. a lot of folks don’t even bother to set a device login) can be circumvented way more easily than a well-designed, well-funded cloud storage service. Historically, according to the Open Security Foundation, reported exposures of personally identifiable information (PII) resulting from lost or stolen devices and media made up more than 22% of all incidents, while hacking made up 30%. The numbers are comparable. While the percentage of incidents related to hacking has increased dramatically in the last year, the um, Target has been easier prey like retailers.
Looking more broadly than security, I wondered if a cloud storage service could actually be better than storage on a device.
What does better mean?
I broke it down into rough categories of cost, usability, and security:
- What is the comparative cost over the lifespan of the storage?
- How accessible is the storage for personal use?
- Can data on the storage be easily shared with others for collaboration or broadcast purposes?
- How protected is the storage from unwanted access? From copying if it has been accessed?
- How protected is the storage from accidental deletion, device failure, or a home fire?
- Are there guarantees that your data will be available or recoverable?
- Are there guarantees around the privacy of your data?
When I completed the table below, it became obvious that cloud storage has come a long way. And that there is a second, geekier, but also viable option to local device storage.
Cloud storage is now cost competitive
First is cost. Since Google Drive’s massive price drop on March 17th, the cost of a large amount of personal cloud storage is now competitive with local device, local external storage, and local network storage (NAS) over a three year lifecycle. The average amount of content that people have is about ~60GB (according to some online backup providers). I picked 1 terabyte (TB) of storage to accommodate “digital natives” with a little extra headroom and found that Google Drive is now competitive at $10/month. Bitcasa, despite a price increase at the end of last year, offers the same deal. Dropbox and Microsoft OneDrive have yet to match, but I am certain they will in the short term.
Interestingly, internal device storage is the most expensive option, particularly because of the current move to solid state drives. The maximum size is typically 256GB (which in my case was almost immediately filled), and getting to that size can cost as much as $220 or $1.72 per GB. 32 more gigabytes on your iPhone 5S costs $100 or $3.13 per GB. Ugh. You can certainly get an external drive for a good price, but that means another separate device to carry around and maintain.
There’s little contest with accessibility
All the cloud storage services offer multi-device access to the content you store, and at least some amount of control over what is stored locally for offline access. As long as you have Internet access, you’re in good shape (rural areas are an exception), and the many parallel vendor efforts at file synchronization have made the technology better and better (a subject for another post). The amount of content is still a bit of a question mark. Do I advocate immediately loading hundreds of gigabytes into the cloud? Not really. Over time, as more of your “working set” is in the cloud, you’ll start to forget the distinction.
Device and external storage require you to carry them wherever you go. They have differing capacities, so you won’t always have everything you need. If you carry your laptop or external drive everywhere, you increase the chances of it being damaged or stolen. You can access your laptop remotely, but you will have to leave it on all the time, and have set up your network and firewall correctly to remain secure. NAS, which is always on, offers an increasing amount of remote access options, either via network storage protocols, streaming, or via file sync, though it still takes some level of configuration to get it working.
Sharing with cloud storage offers the most flexibility
Most cloud storage services allow sharing in multiple ways, usually with just a few clicks. Google Drive for example allows you to share selectively or publicly. Others can be allowed to edit what you share, or only view it. You can even share content in “published” format as I have done on above, where the content is embedded within a web page, and changes dynamically as I change the document.
Sharing with device and external storage requires you to copy the content via a removable drive, email it, or upload it to a… cloud service. Another place to copy it would be network storage, which is a great option for local sharing with other devices on the network. But, the sharing options are more limited than the plethora available in network and out of network via cloud storage.
Cloud storage has more protections against unwanted access
Though cloud storage is in the public, it offers more authentication capabilities. You can easily select two-factor authentication with most cloud storage services, which improves protection against unwanted access considerably over just a single password. Many NAS devices also offer two factor authentication. Laptops and smartphones lag behind, with the exception of the newest phones with their fingerprint scanners.
Encryption is still a toss up
Cloud backup services are way ahead of cloud storage services (with the exception of Bitcasa) in that most of them allow what is called a “private key” to be used to encrypt the data before it is uploaded to the service. Most cloud storage services offer encryption in flight, but their encryption at rest is usually shared across all their users (e.g. Dropbox), which limits the protection. While more and more device operating systems offer optional at rest encryption, few people I know ever bother. Call it a toss up.
When it comes to backup, it helps to be automatic
Even at the small business level, only ~30% have an adequate backup strategy (according to online backup vendors like Carbonite). I can’t imagine that individuals are much better. Without a backup or replica, when your device storage breaks down, that’s it. NAS improves things by one or two degrees. They can be an effective target for an automatic backup program like Apple Time Machine, since they can typically withstand at least one drive failure. Cloud storage services are not really backup, in that you typically can’t restore an entire set of data from a particular point and time, but most provide replicas and versions of files to protect against device or service problems, and accidental user deletions.
Unless you happen to live right in Dalles, Oregon, cloud storage keeps your data remote and safe
Cloud storage services also have the benefit of not typically being nearby. If you’re home is struck by disaster, your data in the cloud storage service will likely still be safe. Devices and network storage in your home will obviously be affected. But, that leads to the next point.
Reading the fine print should make you hesitate, at least a little
In general, none of the cloud storage services are liable for disruption or data loss. Obviously, their reputation depends on this never happening, but since the majority of their users are free users, they all ask you to backup your own data (which is amusingly counter-intuitive). From Microsoft:
Microsoft isn’t liable for any disruption or loss you may suffer as a result. You should regularly backup the content that you store on the services. Having a regular backup plan and following it can help you prevent loss of your content.
The same goes for privacy. While a big deal was made of cloud storage services not claiming ownership over whatever you upload, they have the right to touch everything. For example, an excerpt from the Google Drive terms of service:
When you upload, submit, store, send or receive content to or through our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content.
These types of policies have led some of us to spend the extra time needed to get their own storage environments running. Network storage is definitely not for everyone. It still requires a certain amount of technical skill and patience to get running properly. But for those that value control and privacy, it is a very viable option.
Cloud storage is way better than local device storage alone, but those willing to do a little more work, NAS is worth considering
Cloud storage services have consistently improved over the years and are now measurably better than keeping everything on your local devices alone. File synchronization has played a big part in reducing the difference between what is local and what is remote, along with improvements in security, sharing, and cost. That said, personal NAS devices have also taken dramatic steps in price, capability, and usability, to the point where some are marketed as a “personal cloud,” (and successfully deliver on that).
In some ways, this “surprise result” simply reflects the constant balancing act of computing, where changes in processing power, storage capacity, and bandwidth continually shift the optimal type of device we should use and the optimal place for our data. As I pointed in out in a previous post about “perfect computing,” my hope is that vendors continue to push towards a place where the distinctions between local computing and cloud computing no longer matter. I’d also like to see a storage service where the motivation is simply quality service, not a broad option to mine my data at some future point.
Call it “fog computing” (actually, please don’t) or distributed computing, but optimized, automated use of distributed computing resources will be the next frontier.