T-Mobile Sidekick Outage Raises Questions On Cloud Security
Numerous Sidekick customers lost personal data such as phone numbers, calendars, photos, contact lists and personalized apps from their mobile devices following a database error in the Microsoft Danger subsidiary, which hosts the Sidekick service.
The Microsoft Danger outage apparently affected the backup servers too, which prevented the company from instantly restoring the lost information. Microsoft said on Thursday that the incident occurred because of a "system failure" in the "core database and backup," but that it had recovered "most, if not all" of the Sidekick customer data that had been feared irrevocably lost.
The incident calls into question the security of data stored in the cloud as cloud-based services experience record adoption rates. In general, many end users believe cloud-based services to be more secure, or the same, as on premise or locally managed databases. According to a Pricewaterhouse Coopers survey, almost half of respondents said that outsourcing data to the cloud improves security while another 42 percent say it had no effect.
However, cloud computing can come with risk, with survey respondents citing the inability to enforce security policy and inadequate training and IT auditing being two of the biggest. Meanwhile, respondents pointed to additional risks that included questionable privileged access control at the provider site, an uncertain ability to recover data, the proximity of the company's data to that of others and the uncertain ability to audit the provider.
Mark Lobel, advisory principal at Pricewaterhouse Coopers, said that often organizations were quick to adopt cloud-based services without fully examining all of the variables.
"There are lots of other considerations associated with it. First you take the costs. How do you get your data back form that application? How do you get out of the cloud? What type of monitoring is out there? How do you know it is really protected? Where does the data live physically?" Lobel said. "All of those other considerations are ones that people aren't necessarily getting their arms around when taking advantage of cloud services."
Meanwhile a T-Mobile spokesperson said that the company was holding off on Sidekick sales for the time being as Microsoft worked to stabilize its platform in the wake of the outage.
Roz Ho, Microsoft corporate vice president and head of Microsoft's Premium Mobile Experiences Division, said that the outage affected only a "minority" of T-Mobile's one million Sidekick customers.
Negative publicity and public outcry resulting from the outage have likely dented T-Mobile's credibility in the smartphone space as it struggles to keep pace with competitors. Meanwhile, T-Mobile offered its fuming Sidekick customers $100 and a month of free data service -- (not free phone service) -- which customers criticized as a weak compensation for the scads of precious information which they assumed was irretrievably lost.
Experts say that the inherent nature of the cloud services oftentimes skews and distributes responsibility for the data, which can present challenges in holding any one organization accountable if that customer data becomes compromised.
Lobel said that going forward, responsibility would have to be determined on a legal front as cloud services gain more traction with customers. And ultimately, he said, the company trusted to directly manage customer data should be held responsible for its loss, whether it's outsourced or not.
"Customers look to (companies) for protection of their information. Customer look to the companies they do business with," Lobel said. "At the end of the day, you can outsource a function, but you cannot outsource responsibility."