Box CEO: Full technical disclosure will come - but cloud's too young for it yet

Box CEO: Full technical disclosure will come - but cloud's too young for it yet

Summary: The youth of the cloud industry means companies are keen to keep hold of their “secret sauce” and not disclose full technical information to the public, according to Box’s chief executive


Until the cloud market gets bigger, companies will have no motivation to disclose the innards of their IT infrastructure to the public, according to cloud storage company Box's chief executive Aaron Levie.

While Box will give technical details to its large customers, it makes them sign non-disclosure agreements so the cloud storage company can retain its "secret sauce", Levie said. It's a strategy used by other cloud companies - ZDNet understands that Netflix gets more information on AWS's cloud than is publicly disclosed, and is also bound by NDAs.

"I think there's a lot of very productivity-centric reasons for why you'd want to be transparent about it, it makes you competitive when you can do that," Levie said, before acknowledging that there are still "parts of your infrastructure or process that due to your competitive secret sauce are important from a privacy standpoint."

As the market for cloud computing grows, companies may need to disclose more information at the behest of customers, but for the time being the infrastructures of cloud-focused companies will remain hidden, Levie believes.

"Right now there's so much competition and such a heated marketplace that people are way more focused on innovation and competing that that marketplace has not yet required that level of openness," he said. "You're always testing the line of how much information you share and expose."

By example, although Levie told me that Box uses MySQL to store the pointers that link to customer data, he would not tell me what open source filesystem Box uses to store the data. Equally, while he eventually disclosed that Box is likely to choose Amsterdam as the site of its first European colocation datacentre, he would not tell me whether the facility sits in Amsterdam's Schipol datacentre hub, or is located in the city itself where a lot of fibre is.

It's a general problem with the industry, according to Yale academic Brian Ford. Cloud providers' secrecy could lead to cascading failures due to unforeseen bugs in colliding software, according to Ford -- a prediction which was borne out by the weird flaws that appeared in Amazon Web Services' infrastructure during a recent outage.

However, Ford sympathises with companies that want to keep their details private, but thinks they should at least be disclosing full technical details to someone, even if it's a third party information brokerage.

"I think ultimately disclosure for the class of risks that I was talking about, I think some form of disclosure is really critical," Ford told me. "It doesn't necessarily have to be disclosure to the public, it could be disclosure to some trusted third party or certifier or something like that. There's a lot of both technical and probably political and economic questions."

Box's Levie thinks that disclosure will come with time, arguing that the opaque way providers treat their infrastructure is more a sign of the immaturity of the "nascent" cloud market: until customers start demanding information be put in the public domain, companies have no motivation to put it there.

"Customers don't fully [understand] enough those differences between Microsoft and Google and Amazon in terms of what is in their stack and maybe in time they will and that will force more vendors to care about their technology," Levie said.

Topic: Cloud

Jack Clark

About Jack Clark

Currently a reporter for ZDNet UK, I previously worked as a technology researcher and reporter for a London-based news agency.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


1 comment
Log in or register to join the discussion
  • It's never going away.

    It's never going away.

    You're never gonna see KFC's secret recipe, no matter how much you try to convince yourself it's somehow "inevitable" to happen.

    And last I checked, fast food is a mature industry.

    So no, it has nothing to do with maturity.

    It's just how businesses differentiate themselves in a competitive market. It's a fact of life that even some of the oldest businesses have to work with.

    Yes, of course they will have to deal with issues of systems being too interdependent and cascade failures.

    But I don't think that's really a transparency problem. It's an inherit flaw of the cloud architecture, where you put too many eggs into one basket. Doesn't matter if it's a wildly redundant and distributed basket, it's still one basket. If you're totally dependent on that one basket, and it goes down, you go down with it. You have no plan B.

    100% pure cloud architecture is fundamentally flawed. It can't be fixed, except to drop the "100% pure" requirement.

    Which is why I push for hybrid systems. A hybrid system puts the eggs in both the cloud and the local baskets. Your eggs are no longer in one basket, and if something happens, you can recover. If you don't have internet access, you can still use the device, because there's a backup of your stuff locally. If the device gets broken, you jump onto the cloud with another device.

    The strengths of the local device covers the weaknesses of the cloud, and the strengths of the cloud cover the weaknesses of the device. It's win-win. I don't see why people have to get all idealistic about the cloud and ignore an even better solution.