Are Cloud Apps Really a Better Deal?

TCOSome Cloud Apps are free and you can’t beat free. But other Cloud Apps have a monthly charge, so you may ask yourself: “Is it cheaper to buy a copy of traditional software than to pay a monthly fee for a cloud app?” This post and the calculator at the end will help you decide.

Similar to the Rent vs. Buy decisions you encounter when choosing a home or a car, you face a general tradeoff between higher on-going costs vs. higher up-front costs, but many other factors play a role as well. Also, it is important to compare the functionality you actually need. The Cloud App may require add-on products to provide the functionality you need, or traditional software may come with many features or modules you will never use. What we want to know is, for the functionality you need, what is the Total Cost of Ownership (TCO) for both options.

Traditional software is sold with a perpetual license that you pay once upfront giving you the right to use the software forever. However software vendors typically charge for periodic upgrades. You may want to upgrade due to new features or capabilities. On the other hand, you may be required to upgrade if the software does not work on the latest hardware or operating system. Software vendors also may stop providing support on products after newer versions are released, an industry practice called “end-of-life”. So eventually you will need to pay to upgrade your software, the question is will it be sooner or later. The basic calculation for traditional software using the example of Adobe Creative Suite (if you can even find a copy):

  • A = Upfront License Fee: $1,200
  • B = Number of major upgrades: 0
  • C = Cost of major upgrade: $0
  • X = # years software is in use: 5
Total Cost of Ownership (TCO) for Adobe Creative Suite = A + (C * D) = $1,200

Cloud Apps are sold with a subscription license that you pay monthly or annually. Most Cloud Apps allow you to cancel anytime, but some require a longer commitment to get the best price. Cloud App providers have been recently aggressive in raising monthly fees when time comes to renew. The functionality in Cloud Apps is typically made available to all users without need to upgrade or pay a fee. The basic calculation for traditional software using the example of Adobe Creative Cloud (now the only option):

  • D = Subscription Fee (Monthly): $50 ($70 for new users)
  • E = Subscription Term (Years) = 0
  • F = % Annual Cost Increase: 0%
  • X = # years software is in use: 5

Total Cost of Ownership (TCO) for Adobe Creative Cloud = (D * X * 12) = $3,000

Many other costs are similar in either traditional software or Cloud Apps.  For example, purchases of traditional off-the-shelf software can be written off as a Section 179 business deduction and subscriptions to Cloud App software can generally be expensed on your federal income taxes.

Big companies care a lot about installation, customization, integration, data conversion, training, and change management costs. But for most creative entrepreneurs these costs are essentially $0. In theory hardware costs should be lower for cloud-based apps, but they are not factored here since most creative entrepreneurs will use a mix of cloud-based and traditional software and upgrade hardware for a variety of reasons.

In our overly simplified example of Adobe Creative Suite vs. Adobe Creative Cloud, the Cloud is almost 3 times more expensive over the 5 years of use. Overall, deciding if a Cloud App is a good deal depends on your personal situation. Are you always trying the latest and greatest? Or are you still on Windows XP? How quickly you upgrade and how often you changes providers will make a huge difference in your costs.

This link is an excellent online TCO calculator for helping you determine the best financial deal for you.

TCO Calculator
One more thing. I said at the top of the post that you can’t beat free, but there are other considerations that may be more important to you. Many of those considerations will continue to be highlighted in this blog in the weeks and months to come. Read on!

Don’t Learn to Serf with Fiverr

FiverrFive years ago Fiverr.com launched. So Happy Birthday you piece of shit! Lauded as revolutionary by clueless pundits this online services marketplace quickly disappointed both actual buyers AND sellers. So what are the origins of Fiverr, what has it evolved into today, and what does it presage for the future of cloud-based services marketplaces for creative entrepreneurs? Keep reading…

Brief History of Fiverr

First some background on Fiverr. Founded in February 2010 by Micha Kaufman and Shai Wininger the site styles itself as the “eBay or Amazon of professional services”. Built on the marketing conceit that $5 is some magical price point at which buyers get something of value and sellers get about $3.76 for their trouble (after 20% Fiverr commission and 0.24 Paypal charges). The company has grown from 2 employees to 130 and raised $50M in venture funding including a recent Series C Round of $30 Million (only 600,000 $5 Gigs!).

What has Fiverr Become Today?

Initially sellers helped buyers with simple, useful chores such as proofreading your resume, spotting errors in your javascript code, or shopping for a birthday gift. However about two years ago Fiverr started allowing experienced sellers to charge more than $5 by adding on “extras” (new sellers must still start out by offering only $5 services). This has allowed the site to target offerings for creative work in graphic design, creative writing, songwriting, video production, voice acting, and web design to name a few. Which raises several questions about Fiverr that we will now seek to answer.

Does Fiverr Drive Down Prices?

Not according to the founders: It just drives down quality. I am paraphrasing founder Shai Wininger whose exact disingenuous quote is, “The claim that marketplaces in general drive prices down is false. It means that there is a wide spectrum of quality you can buy.”  There are many problems with this view, not the least of which is that it is just not true.

First of all, according to the U.S. Federal Reserve, e-commerce marketplaces lead to “downward pressure on inflation through greater competition, cost savings, and changes in price-setting behavior of sellers.” So online marketplaces do in fact drive down prices.

Second of all, the idea of Anchoring and Adjustment in modern game theory suggests that by setting the first price at a low $5, Fiverr influences all subsequent pricing. This leads to faulty decision making (price setting) for both buyers and sellers on the Fiverr site.

Finally, a significant component of Fiverr is outsourcing work to countries with lower wages. For example, of the Gigs reported for Top Sellers for Book Cover Design less than 25% are from providers in the United States and Western Europe. And studies show that outsourcing did in fact limit wage growth in the United States. Read more about that here.

So it is clear that Fiverr does drive down the prices for the work of creative entrepreneurs. As Winiger hints it may also enable a race to the bottom on quality for those buyers who want that.

Is Fiverr a Good Place for Creatives to Get Work?

Certainly lots of people have tried Fiverr, many have made some money, and some have made big money. It is a popular site based on the number of sellers who have setup profiles on the site.

  • Graphics & Design: 21,020 Sellers, 1048 Top Rated Sellers
  • Online Marketing: 16,029 Sellers, 503 Top Rated Sellers
  • Writing & Translation: 12,454 Sellers, 342 Top Rated Sellers
  • Video & Animation: 7,533 Sellers, 476 Top Rated Sellers
  • Music & Audio: 3,848 Sellers, 349 Top Rated Sellers
  • Programming & Tech: 9,183 Sellers, 161 Top Rated Sellers
  • Advertising: 2,998 Sellers, 182 Top Rated Sellers
  • Business: 3,733 Sellers, 135 Top Rated Sellers

Since individual profiles may offer services in more than one category it is impossible to determine if these are unique users. It is also difficult to determine how many of these users are still active on the site. Nonetheless, these are respectable numbers.

But there are also many horror stories from users of the site. Buyers complain about cons/scams, fake feedback scores, copyright violations, failure to deliver on-time, lack of recourse for shoddy work. And Sellers complain about cons/scams, high commissions, their work being resold for more money elsewhere, not being able to rate or provide feedback on buyers, accounts closed without notice. Some of the stories are just sad, such as this one, about a U.S. Veteran whose account was suspended for no valid reason.

Defenders of Fiverr, including some successful sellers/buyers on the site, are quick to point out the following tired cliches such as: “You get what you pay for”, “Caveat Emptor (Buyer beware)”, “What the market will bear”, and my favorite, “Everyone knows it won’t cost $5”. OK. Cliches have kernels of truth.

So the answer to this question is an emphatic IT DEPENDS. If the site works for you as a seller GREAT I wish you well. If you are a buyer check out these TIPS. If you want alternatives there are larger, more highly rated, general freelance sites (with lower commissions) such as freelancer.com and eLance. There are also category-specific so-called pay-to-play sites such as Voices.com for voice actors. One advantage of a pay-to-play site is that, because they are paying to be there, it weeds our the scammer, the dilettante, and the generally incompetent.

The Future of Freelance Work for Artists

More than a third of U.S. workers are now freelancers according to Forbes. The freelance, contingent, adjunct economy continues to grow. So what does the future of freelance creative work look like?

Several sunny, glass-is-half-full Fiverr blog posts describe the future of work as the “Gig Economy Lifestyle” pointing out that, while some extra money is great, the flexibility of working at home, gaining experience to add to your portfolio, and the ability to follow your passion is what really matters. They should have also mentioned how freelance workers are able to forgo economic benefits (e.g. unemployment insurance, social security), avoid legal protections (e.g. discrimination, minimum wage), and bypass union participation (e.g. SAG/AFTRA). Sounds nice, huh?

The sad truth is that to be an artist starting out today is becoming less about talent and more about wealth. Many creative entrepreneurs have invested heavily in college or art school, purchased expensive and specialized tools, and worked at internships for free. So are some jobs becoming possible only for those with the economic means to pursue them? This is the view of Sarah Kendrizor who has written extensively on the exploitation of adjuncts in higher education. She notes that “The contingent labor market is marked by two paths: one of low-status, low-paying jobs emblematic of poverty; another of high-status, low-paying jobs emblematic of wealth.” Online marketplaces have the potential to allow creatives to put food on the table, but only if they promote and enhance the value of creative work and offer a fair deal to the artists.

Income inequality is an above the fold topic of our time, and informs the debate about the future of work. Thomas Picketty chronicles how, over the past decades, financial rewards for the skilled worker have transferred to the skilled manager.  See his TED talk here. I bring this forward, in reverse of a conservative trope, to point out that the “Makers” in this story are the Artists who, you know, actually make things, not the “Takers” (Executives) of some shitty website like Fiverr.

I will leave Kaufman and Wininger with this quote from Taylor Swift responding to Spotify:  “Congrats on your new business model, but you can’t build it on the backs of the artists.” 
Full Disclosure: My passion for this topic is because I am a serial entrepreneur having founded three companies, a former and current freelancer, I studied economics (and computer science) at University, and I firmly believe technology should make peoples lives better.

Is My Information Safe in The Cloud? (Part 2: Privacy)

PrivacyAnswering this question takes two steps: 1. Read the Privacy Policy and Terms of Service. 2. Read the Privacy Policy and Terms of Service AGAIN.

Individuals and businesses are generally free  to share personal information on themselves, customers, and employees with a cloud provider. Exceptions exist due to legal or professional obligations such as for a lawyer, tax preparer, or  psychiatrist. However, once shared, the privacy and confidentiality of your information is almost completely dependent on the terms of service and privacy policy established by the cloud provider. Let’s look at Google Terms of Service as an example.

Google Terms of Service states that “When you upload, submit, store, send or receive content to or through our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content.”

Whoa! Sounds terrible right? I’m certainly not going to put my Great American Novel manuscript on Google Drive or my feature film trailer on YouTube! Hold on a sec, Google then qualifies that license you are giving them this way: “You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours.” OK that sounds good. “The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones.” OK that makes sense, in fact is probably essential for them to provide the service you want.

Whew! There is hope: “Some Services may offer you ways to access and remove content that has been provided to that Service. Also, in some of our Services, there are terms or settings that narrow the scope of our use of the content submitted in those Services.” Kind of vague, but maybe I guess I can live with that.

Google’s Privacy Policy states that they collect information in two ways. Information you give us. For example, many of our services require you to sign up for a Google Account. When you do, we’ll ask for personal information, like your name, email address, telephone number or credit card. If you want to take full advantage of the sharing features we offer, we might also ask you to create a publicly visible Google Profile, which may include your name and photo.” and also Information we get from your use of our services. We collect information about the services that you use and how you use them, like when you watch a video on YouTube, visit a website that uses our advertising services, or you view and interact with our ads and content.” Hmmm…

Whoopee! Looks like at least I have some control. “We do not share personal information with companies, organizations and individuals outside of Google unless… we have your consent to do so. We require opt-in consent for the sharing of any sensitive personal information.” That actually sounds pretty fair.

Wait! And what is this? “Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored.” That is definitely a mixed bag. I don’t want SPAM but I also don’t want my private personal e-mails read.

Well Hell! Maybe I’ll just quit using Google altogether! In that case we find some good news: “You can stop using our Services at any time, although we’ll be sorry to see you go.” That’s nice and they also say: “We believe that you own your data and preserving your access to such data is important.” OK. But what if they break up with me first? “Google may also stop providing Services to you, or add or create new limits to our Services at any time.  If we discontinue a Service, where reasonably possible, we will give you reasonable advance notice and a chance to get information out of that Service.”

I hope that example was instructive. And for the record I use Google products every day and believe their privacy policies are as good as most cloud service providers. But you should realize that understanding your privacy rights takes effort.  The State of California has a great article “How To Read A Privacy Policy”  that suggests you ask the following questions.

  • What personal information is collected?
  • How is the information collected?
  • Why is the information collected?
  • How is the information used?
  • Who will have access to the information?
  • What choices do you have?
  • Can you review or correct personal information?
  • What security measures are used to protect your personal information?
  • How long will the organization honor its privacy policy?
If you are not comfortable with the answers look for a different cloud app provider.

The reason you have to do all the work is that, unlike most of the rest of the world, the U.S. has primarily taken a “self-regulation” approach to privacy which In many ways has been an abject failure. This approach has been overlaid with a few sector based federal laws (financial services, e-mail spam, protection of children online, etc.) and a fragmented patchwork of state laws (data breach, policy disclosure, etc).

The top cop for protecting your privacy is the Federal Trade Commission (FTC), which sets policy and brings enforcement actions against advertising networks, information brokers, mobile app providers, online retails, search providers (Google), and social networks (Facebook). The FTC articulated Fair Information Practice Principles almost 40 years ago and in our modern age promotes a framework with 3 key practices: privacy by design, i.e. making privacy the default setting, giving consumers control by simplifying choice, and greater transparency by those entities that collect and use personal information. But without broad federal privacy legislation it is very possible we will see the End of Privacy. To see how close we are to that future already, take the ACLU (great, short, fun) privacy quiz that shows you how exposed your personal information really is.

To sum up I suggest you take the following 4 steps to protect your business and personal information.

Control your information. Only provide the minimum required information in any form or interaction. Configure your browser for “Do Not Track” and “Disable Cookies” where possible. Understand and set your privacy controls on every website and service you use. A good guide is here.

Control your devices. Treat your smartphone like the computer that it is and put the same level of controls on access. See my earlier blog post on Security for more.

Control your apps. Choose apps that have Terms of Service and Privacy Policies that you can live with. Also, watch out for the many add-on Apps that are provided by third party developers and might have different terms and policies than your primary Cloud App service provider. Don’t let mobile apps use location services without good cause.

Control your opt-outs. For your own personal information one of the best things you can do is to Opt-Out. The World Privacy Forum provides a guide on the top 10 Opt Outs. This is a fantastic list to allow you to be “let alone”, as Justice Brandeis termed it, both off-line and on-line. I highly recommend it.

Full disclosure, I wrote my Ph.D. dissertation on information privacy and how people’s attitudes and behaviors differ based on their generation. If you would like to know more you can access it here.

Build Stronger Relationships with Nimble CRM

Featured Image“Traditional CRM doesn’t TELL you anything, YOU have to tell IT everything.” Jon Ferrara could not be more right, and his cloud-based Nimble CRM (Customer Relationship Management) goes a long way toward flipping this script. Some creatives may feel they don’t need to “sell” because they have representation such as agents, labels, publishers, studios doing that for them. But that game is changing, and regardless relationships are the key to success in a creative business. It’s who you know and who knows you. AND what they think of you.

Before we look at Nimble lets briefly review what creative entrepreneurs should be trying to achieve with a good relationship management system.

Keep a record of all your contacts. Sounds simple but most people don’t, and successful people do. At a minimum you should have a full and complete record of every client and prospective client. In addition, and depending on your industry, you should have a record of every agent, casting director, coach, director, game designer, industry executive, publisher, producer, studio head and everyone else that you have met, called, emailed, or written to. As you can see this is a very long list of people and even for someone starting out it is a lot of information to keep straight. Have a system. Yes you can use Gmail contacts or your phone’s address book or even index cards if that works for you. But post it notes and scraps of paper are not a system. Nimble costs $15 per month per user, which may be a deterrent to some creative entrepreneurs looking to keep costs as low as possible.

Have a complete single view of your contacts. In our social-media connected world it is not enough to have only a basic name, phone, e-mail, physical address, and type of business. You must also record addresses for websites, Facebook, Twitter, LinkedIn, Instagram, Soundcloud, Vimeo, etc., etc. And much of the most interesting and current information is embedded in these multiple social media streams. You might also keep track of activities such as attending an audition, booking a gig, sending a demo reel, providing a headshot, and follow-up activities. In most cases this information is spread across multiple applications, data formats, and is of varying levels of quality. For example you may have basic contact info in your iPhone address book, activity data in e-mail on Outlook, events on a Calendar App, and multiple separate social streams. This is the promise (not often delivered) of CRM: to have one place where you can see all of a customer’s information.

Avoid contacts falling into the “black hole”. Every day opportunities pass us by because we fail to follow up on them. Someone gives us their card, but we never call.  Someone else friends us on Facebook, but we never message them. That e-mail of a friend of a friend gets lost. We have a good conversation with someone who might help our career, but then six months go by and that relationship has “died on the vine”. Have a way of triggering reminders to stay in touch, what is sometimes called a “tickler” system. Remember also that it is a small world and a long career. The bartender you meet today may be directing a feature film a few years from now.

Focus on the relationships that matter.  Keeping up with people takes precious time away from you practicing and perfecting your craft. It is often true that most of our relationships are with our peers, people like ourselves. Actors know other actors. Graphic designers know other graphic designers. And it can be tempting to spend most of your time interacting with your peers. But growing your business and career means spending 80% of your time interacting with the 20% of the people who can help you get work. Have a way of tracking these most important relationships and give them the attention they deserve. If you contact only three people a day you will have maintained contact with over 1,000 people each year. A more than large enough group to create and sustain success, if it is the right 1,000 people.

Choose an appropriate scale of software. Traditional CRM systems are sold and implemented for managers and executives and are seldom much help to individual sales people. And creative entrepreneurs, often soloprenuers, do not need these cumbersome systems. You can trust me on this, I founded one of the leading CRM consulting firms and helped large companies such as Schlumberger, Raytheon Aircraft, Birkenstock USA, Kraft Foods, McAfee, and Starbucks implement technology to improve their customer relationships.

Nimble CEO Jon Ferrara basically created modern sales force automation with his much beloved GoldMine software in the 1990s. He has created Nimble with the same focus on improving the productivity of the individual with easy to use tools driven by powerful and innovative features. Let’s look at two of these features Nimble Magnifier and Nimble Signals.

Nimble Magnifier

The worst part of any contact management system is the drudgery of entering all the data. Nimble solves this problem by allowing you to simply hover over a contact name on any website (social sites work best) and the software automagically imports (or updates) all the information for that contact into your Nimble database. Once it has profile information from one site, say Facebook, it shows similar profiles on other social networks, like Twitter and LinkedIn, and asks you if it is the same person. In almost no time at all you have a rich, robust customer contact record that would have taken so long to enter manually you probably wouldn’t have bothered. From this sidebar you can mark the contact as Important, activate a stay in touch reminder, add notes, tasks, deals, and much more. All without opening up a separate app or cutting or pasting anything!

In the following screenshot  I am on my Facebook profile page and the Nimble plug-in is the sidebar on the right. I hover the mouse pointer over the banner and Nimble pulls all of the available information into a new contact record. This works even if you are not yet friends with this person, although if you are friends you get more data loaded.
Untitled 4

Nimble then asks if other social profiles are the same person. It is not perfect and for a common name like “Brian Johnson” you may end up with unhelpful suggestions. In this case Nimble suggests the Twitter profile for Brian Johnson the lead singer of AC/DC, but in my experience it is uncanny how often the correct profile is present in the first 3-5 matches displayed.
Untitled 6

Nimble Signals

The Nimble desktop app delivers on the single view of the customer we discussed earlier. It brings together a contact’s basic profile information, e-mail interactions, previous and scheduled tasks/events, shared connections, and a unified social media stream into a single contextual history. This is incredibly valuable when you have not interacted with a contact for a period of time. You can slip into their social stream and find reasons to engage them on topics that are current and fresh to them (a recent award or project) and remind them of interactions you had in the past (an audition or job). This places your interaction into the context of your customer’s life without being intrusive.  Read more about this concept of “Social Selling” that here or here.

In the following screenshots  I am using the Nimble desktop app and reviewing the information of my business partner Angela Grayden. From this main contact screen you can easily add an activity (task, calendar event, touch), send a message (E-mail,Twitter, Facebook), add a note, create a “deal”, or attach a file (dropbox or google drive) without leaving the main page. You can also see the contacts social networks and a “Smart Summary”.
The tabs at the bottom of the main screen show an incredible wealth of information. The Pending and History Tab shows E-Mail messages, calendar events, tasks, notes and more. The Social Tab (displayed below)  shows the unified social media stream of the contacts activities. The Shared Connections Tab shows your relationship to this contact.
The Signals tab allows you to view and filter “social signals” such as retweets, likes, comments, new connections, birthdays, and job changes for all of your contacts or just those contacts you have marked “important”. These are all natural opportunities for engagement with the people who can help you grow your career. Nimble will also send you a daily summary showing you the most important signals you should act on each day. Also much, but certainly not all, of this contact information is available on your smartphone via the recently released Nimble Mobile App.
So to paraphrase and flip the statement made by Jon Ferrara at the beginning of this post: “Nimble CRM asks you to tell it very little, and then it tells you a great number of things you don’t already know.”

Just to review: we looked at how relationship management can help creative entrepreneurs, demonstrated how you can easily grab data from a social site using the Nimble CRM Plug-in, and how you can gaining insights from Nimble Signals.  Next week we will return to the topic of Is Your Information Safe In The Cloud? with Part 2: Information Privacy.

The Scorecard

Scorecard Large

Is My Information Safe In The Cloud? (Part 1: Security)

Post 5 - SecurityAdopting a Cloud App means entrusting your information to someone else, and you need to know if that information is safe. There are obvious risks: Is it safe from hackers and malicious employees? Is it safe from natural disasters such as earthquakes or man-made ones such as bankruptcy? And maybe not so obvious ones: Will I be able to download my data in a usable format? Will I be able to delete it if I cancel my service? Will it be shared with law enforcement or litigants in a civil lawsuit without my knowledge? And most importantly what can I do to make sure my information is safe?

Keeping you data in the cloud magnifies some existing security threats and also creates some new ones. The well-respected Cloud Security Alliance detailed the “Notorious Nine”. But for creative entrepreneurs there are really only four main security threats.

1. Your Account is hijacked.

Account hijacking is when someone obtains your login credentials and passwords and is able to access your cloud-based account. A recent study by Experian found that login information for a Twitter account is worth more on the black market than a credit card number. Since people often reuse credentials and passwords, access to one account can lead to access on other accounts. Also the attacker can eavesdrop on your activities and those of your social circle. This is a threat specific to cloud-based software applications. Traditional software on your laptop required physical access to the device.

While this information is now targeted in hacker attacks (Sony Playstation), the tried and true methods of phishing, fraud, and spyware are still significant avenues (iCloud Nudes).

Protecting your login credentials is pretty straightforward: use different passwords for different accounts, create hard to guess passwords, don’t share sensitive information online, avoid public Wi-Fi, use https, etc. You have heard all of that before however the discipline required and the inconvenience involved means most people don’t do this very well. Here is a good guide on protecting yourself online and offline.

2 Your information is stolen.

“Data Breach” is when personal or sensitive information is stolen from the company storing it. You may envision a hacker or foreign government exploiting a vulnerability in the company’s firewall, but malicious employees and negligence account for about 59% of these incidents. A typical data breach law requires a notification letter be sent to those affected and in some cases identity theft protection services are offered.

Every week brings new data breach reports from companies such as Target, Home Depot, or Sony Pictures. But we only hear about them at all because individual states have enacted data breach notification laws. Starting with California in 2003 a patchwork of laws now exist in 47 states. And some industries, such as financial services, are covered by Federal data breach notification law.

Unfortunately for users of Cloud Apps this patchwork means your data may reside in a jurisdiction with strong, weak, or no regulation. In fact in some areas cloud services are specifically exempted from breach notifications. In this environment it is very difficult for a creative entrepreneur to independently verify that their data has been breached, so it comes down to trusting the cloud app provider to notify you.

3 Your information is lost.

“Data Loss” traditionally refers to the cloud service provider’s inability to provide you your data. To accommodate cloud-based apps I have segmented and expanded this definition to include three conditions that reduce or eliminate your ability to use your data: Loss of Access, Loss of Portability, and Loss of Identification. Let’s look at these in more detail.

Loss of access occurs when you are unable to access your data. This includes the traditional categories of data loss: accidental deletion by the service provider, damage to infrastructure from natural disasters, or inadequate backups. In addition this category should include loss of access to data due to the bankruptcy of the cloud service provider, failed system upgrades, end-of-life support for existing platforms or versions, and denial of service attacks.

Loss of Portability (also called Lock-In) occurs when you are unable to easily switch to a new cloud or non-cloud provider. Loss of Portability is often due to lack of adequate download utilities or use of proprietary file formats. For example you may have spent hundreds of hours entering, cleaning, and enhancing your customer information in a cloud-based Customer Relationship Management tool, only to find out that the only data you can download is a basic customer list. All of the meaningful information in that CRM system such as tasks, opportunities, quotes/orders, service requests, marketing activities, and the metadata relationships are unavailable to migrate to your new system without reentering all of this data. Proprietary file formats is another way that some cloud service providers keep you from going somewhere else.

Loss of Identification means you are unable to assert your rights to your data. This could happen for example if you were to lose an encryption key code or a physical key dongle. Loss of Identification can also happen due to the death or incapacitation of the user. In which case is a family member or business partner able to obtain full or limited access? Another example is if your cloud service provider subsumes your intellectual property rights such as to photos, movies or music on a social media website or books or screenplays on a reviews website. Also in this, admittedly somewhat eclectic, category is deletion of an account by the owner who later has second thoughts. Some cloud service providers place your account in a “quarantined” or suspended state for a period of time, with the ability to reactivate the account if you so choose.

 4 Your information is used against you or others.

This section briefly discusses the threat of your data being used against you or those close to you as a result of being accessed by law enforcement, government agencies, and litigants in civil lawsuits. I promise this is not the paranoid aluminum foil hat section. Read on.

Cloud data is different than local data. The Fourth Amendment prohibits unlawful search and seizure and requires a judge to grant a search warrant. Data on a user’s hard drive has the full protections of the Fourth Amendment, however data voluntarily transferred to a third party, in this case a cloud service provider, may lose this shield and be used in a number of potentially damaging ways.

With the revelations of Edward Snowden, it is clear that government agencies have the ability to monitor Internet traffic and data at internet service providers. It is a chilling Orwellian thought that a creative entrepreneur who was creating art, film, or software that might be counter to certain interests could be monitored through their electronic lives. For the vast majority of people and uses this is only a theoretical, not an actual, threat but one you should consider in your own situation.

A more common concern is that cloud data could easily be subpoenaed in a civil lawsuit. This might be in regards to a business related dispute with a client or vendor, but in the creative professions this could also be a dispute about intellectual property, royalty sharing, or digital assets. Companies are often required to comply with “eDiscovery” requests that force them to turn over e-mails and other electronic documents related to the civil dispute. If information is particularly sensitive the creative entrepreneur should have the highest level of control over that information and a cloud-based repository may not be appropriate.

How to choose a cloud provider that will keep your information safe?

There are two paths to finding a cloud service provider that will keep your information safe. The first is looking to see if your cloud service provider has information security certification such as ISO‐27001, has passed a security audit such as SSAE 16, or qualifies for seals such as those from TRUSTe. The second is asking key questions of your cloud service provider and evaluating the answers based on your situation. I suggest you do both.

The best source of questions I have found to ask your cloud provider comes from a group of thoughtful and distinguished industry experts at a retreat held by the Consumer Federation of America in 2010 that produced a document Consumer Protection in Cloud Computing Services: Recommendations for Best Practices that is available here, and from which I have reproduced the two relevant appendices below.

We come to the end of another post. Just to review this post discussed the 4 major Information Security threats facing creative entrepreneurs and how to select a trustworthy cloud service provider. A future post (Part 2)  will focus on the other side of the coin: Information Privacy.

The remainder of this post is derived from the Appendices in the Consumer Protection in Cloud Computing Services: Recommendations for Best Practices from a Consumer Federation of America Retreat on Cloud Computing, November 30, 2010. Please download the full report, but for your convenience I have reproduced the 2 Appendices below. Find it at this web address: http://www.consumerfed.org/pdfs/Cloud-report-2010.pdf

Appendix A: Best Practices in Disclosure for Business‐to‐Consumer Services

*Answers to the questions provided are illustrative.

  1. What is the cloud service provider’s business model?
    1. “We charge consumers a fee for this service.”
    2. “We serve advertising based upon consumers’ interests in exchange for the service”
    3. “We analyze consumers’ information in order to serve advertising based upon their interests”
  2. What entity actually provides the cloud service?
    1. “We provide it directly”
    2. “We provide it directly, and use the following subcontractors…”
    3. “We subcontract all services to…”
  3. Is consumer content or transactional data shared? If so, with whom? What choice mechanisms are in place?
    1. “no”
    2. “Yes, we share information with affiliates, and you can opt out by X”
    3. “Yes, we share information with third parties, and you can opt out by X”
  4. Is consumer content or transaction data used for purposes not required for the technical operation of the service?
    1. “No”
    2. “Yes, we use content/transaction data to target advertisements”
  5. Is the provided service a private or public cloud?
    1. Private cloud: the service is provided by a single entity
    2. Public cloud: many consumers may be using the same service
  6. What data can the consumer export and in what format?
    1. The consumer can export all data that the user provides in standard formats, including csv, txt, xls.
    2. The consumer can export data only in proprietary formats
  7. Will users be notified of security breaches?
    1. Yes, according to the law of [jurisdiction]
  8. Will the consumer be promptly notified if there is a law enforcement or civil request for data about the consumer.
    1. Yes, if we are legally able to notify users.
    2. No
  9. In what jurisdiction are the data stored?
    1. [list of one or more countries]
    2. [indicate whether user or service has discretion to select storage locations]
  10. What jurisdictions’ laws govern the privacy and security aspects of the cloud providers’ services, and what is the relevant consumer protection authority?
  11. What procedures are followed when closing accounts?
    1. We will give consumers 30 days of access before closing their accounts for non-payment
    2. In the event of discontinuance of service, we will give consumers 30 days of access to extract data
  12. Who is responsible for consumer and privacy issues and what is their contact information?
    1. Name responsible employee and provide contact information

Appendix B: Sample Disclosure (from cloud service provider)

Our Business

We provide services to you for a fee.

We own and operate the equipment for this cloud service. 

Your Data

We do not share content or transactional data with third parties.

We only use content and transactional data for purposes required for the technical operation of the service.

You can export data uploaded and generated on this service in standard formats, including csv, txt, and xls.

If possible, we will notify you if another party requests data or information about your use of this service.

Our Cloud

Your service level is a private cloud, meaning that we are using a dedicated infrastructure for your services.

Our cloud operates in the following countries: the USA and Canada.

Our cloud services are governed by the laws of the USA and Canada and by the following regulators:

U.S. Federal Trade Commission Privacy Commissioner of Canada

Security

If we become aware of a security breach, we will inform you of it consistent with the law of California.

In January 2010, our service was certified as compliant with ISO‐27001/2 by our auditor.

Account Termination

In the event of a termination of our services, or nonpayment on your account, we will give you notice and 30 days to export data from our cloud. 

Contact Us

Our privacy and security contact is:

Joan A. Privacyofficer
1 Embarcadero Center
San Francisco, CA 94001
(415) 555‐1212 privacyofficer@cloudprovider.com

What don’t you need to know about “The Cloud”?

Post 2 1200x1200In a word: “Everything”.

OK. You see that stuff in the speech bubble? You don’t need to know any of that stuff. In fact the idea of “The Cloud” originated as shorthand for white boarding technical architectures. It represented the unknown. It represented the (for now) unimportant. It represented the (frankly) incomprehensible.

Note to any techie scolds reading this: The word Cloud has more meanings than your narrow definition of it. Yes, marketers stole the word, get over it already. In fact the first use of the term “Cloud Computing” was coined to describe Compaq Computers internet business strategy in the early 1990s.

OK. There are a many blogs on Cloud Computing for techies. I follow those blogs so you don’t have to and I am not going to write about any of that. If that’s your thing this one is good. But for creative entrepreneurs, which is the audience my blog is focused on, this stuff really, really doesn’t matter.

OK. So what do I plan to blog about? First and foremost, what problem are you trying to solve or what result are you trying to achieve?  In other words, how does a particular Cloud App help you succeed? And to answer that I am going to be looking at Cloud App functionality, costs, time to setup and maintain, security and privacy of your information, mobile capability, analytics and reporting, ease of import and export, future directions of the software, and the viability of the vendor. And last but not least, aesthetics and good design. As creative entrepreneurs the tools we use every day should be beautiful as well as practical.

Most of my posts will be reviews of specific Cloud Apps, so to keep it simple I created the following 5 point Likert Scale graphic. Next week on Wednesday see my post on How to Get Paid Faster with a Cloud App called Wave.

Likert Scale