The OCRE Project had the opportunity to sit down and chat with Carsten Thiel, CTO of the Consortium of European Social Science Data Archives (CESSDA), about Commercial Cloud in academic archiving services.
Over this short series of blog posts, we will learn what Carsten Thiel had to say about the challenges for data archiving and reuse, some misunderstandings, and the real benefits of Commercial Cloud solutions for researchers.
The use of Cloud Services has grown immensely over the last 15 years since Amazon introduced its Simple Storage Service (S3) and Elastic Compute Cloud (EC2) in 2006, which pioneered the usage of server virtualization to deliver IaaS (Infrastructure as a Service) at a cheaper and on-demand pricing basis, thereby populising Commercial Cloud Services.
Today everyone uses Cloud Services, whether directly through IaaS, PaaS (Platform as a Service), and SaaS (Software as a Service), or indirectly by simply using an app on their phone which uses the cloud. There has been significant movement away from local storage and processing to on demand services.
In the research field, the process hasn’t always been so smooth. Publicly funded research is sometimes hesitant to use private and commercial cloud services. European institutions can be unwilling or unable to use North American cloud providers due to privacy regulations or purely to mistrust.
Carsten Thiel believes that misunderstandings are responsible for much of the hesitancy in exploiting commercial services.
"I don’t see a problem with commercial cloud services in the way that we're buying them as services. The problem obviously starts when you're no longer the one paying for it; when the business model changes. Using Google solutions with your free Gmail account works on the surface the same as it does for us with our G-Suite. But the legal basis is very different. What Google is or isn't allowed to do with the data on our commercial G-Suite subscription is very different from what they’re allowed to do with a file that's owned by your Gmail account."
The use of commercial cloud services is protected by contracts which determine and limit what the provider can legally do with the data hosted on their servers. There is little danger of any foul play as it would result in severe commercial consequences. However, many people conflate buying a cloud service with using a free service such as Gmail.
In the free service business model, the service provider is able to provide the service for free because they are gaining revenue by harvesting data for advertising purposes. In a paid model, you are essentially paying, not only for extra tools, server space, features etc., but you are also paying for complete privacy for your data. Despite this, is there a risk that users of Commercial Cloud Services could still be tracked?
"Yes, it is possible that Google could do some sort of analysis of who's accessing our services running on their cloud, based on network traffic, and so on. But given that the data we're dealing with is not sensitive, this vague possibility is not really an issue for us."
So even if the risk is low, it is important to weigh it up with regard to what you will be using the Cloud Services for. In fact, not everyone in Europe is calm about using American Commercial Cloud Services.
"So we have one case in the SSHOC project. There is a partner who says they're not allowed to use Google. Because it's Google. We asked them, so how do you suggest we communicate, because our email addresses are operated by Google, our phones are running an operating system developed by Google on hardware developed in Korea, so written letters are the only communication method possible. But can they be printed on our business printer? They're all cloud connected as well. That's really challenging."
Regardless of how we feel about it, the reality of technology is in the Cloud. Commercial Cloud is not risk free. It is a commercial service being offered. If you hire a plumber to fix the pipes, you want to do your due diligence in picking a trustworthy plumber. Any time you pay someone to do something for you, there is an inherent risk.
With the OCRE Cloud Catalogue, you can find the right Cloud Service Provider for your research institution’s needs. Each of the 40 countries covered by the catalogue have a range of both European and American cloud platforms available. The catalogue also includes contact details for your National Research and Education Network (NREN) who will be able to help you find the right solution for your institution.
About Carsten Thiel
Carsten Thiel is Chief Technical Officer (CTO) at CESSDA ERIC, the Consortium of Social Science Data Archives, at its main office in Bergen, Norway. He is charge of CESSDA's technical roadmap and strategy and the infrastructure's interoperability within the EOSC, including the SSHOC cluster project, which is coordinated by CESSDA. Carsten has previously worked at the University of Göttingen as Technology Coordinator and Co-Manager for the DARIAH-DE research project and worked with DARIAH ERIC on its EC funded projects. He holds a PhD in Mathematics from University of Magdeburg. His research interests include digital research infrastructures, distributed development processes and the DevOps approach to infrastructure management.