• 07/06/2012
    1:02 PM
  • Rating: 
    0 votes
    Vote up!
    Vote down!

Cisco's Connect Cloud Policy Change Was Bad Business

Late last month, Cisco started requiring users to create Connect Cloud accounts to manage their routers, and changed its policy to allow data collection and retention. The company has changed course; find out why that's for the best.

Networking vendors like Cisco and Juniper have added data-gathering functions to their enterprise equipment that, when directed by support or initiated by an administrator, will bundle together a bunch of data like the configuration and current status and send it to technical support. This is beneficial because it saves the administrator the hassle of running a bunch of obscure comments, capturing the output, zipping it up and sending it to support. But you, the administrator, have to kick off the process with the enterprise products.

Having the same feature in a home router makes sense provided you, the router owner, are the only person who can initiate the process. Giving Cisco carte blanche to gather data at will is not right, and Cisco was overreaching. What the company could have done, and should have done, is made the data gathering opt-in and then made a brief request on what it wanted to gather and how the data would be used. Data acquisition is common in mobile apps, where the developers ask if they can collect data so they can track feature use and focus development efforts. I bet there are many customers, including me, who agree to the data collection. The key is: Ask first.

Data gathering is a particularly troubling governance issue for enterprises that have home employees. The amount of data like host names, application names and even query parameters in an HTTP request can lead to inadvertent data exposures. If you, the employer, can't determine where your data is residing, you have a potential governance issue, and automatic data collection, even for benign reasons, is a problem. Granted, most remote employees access IT resources over a VPN, but there's no guarantee that some data doesn't leak out. The point is, you don't know.

The second issue was the affected routers required customers to sign up for a Connect Cloud account before they could manage the router. Prior to the update, customers could just log in locally. Cisco should not have tried to force customers to create accounts to access devices they already purchased.

Worse, if you were found in violation of the Cisco Connect Cloud Terms of Service, "Cisco shall have the right, in its discretion, to modify, suspend or discontinue the Service at any time without liability to Cisco."

You could, apparently, disconnect the Internet side of your router to get local access, but that's not helpful especially if you are troubleshooting a problem that you're researching on the Internet.

Subscribing to Connect Cloud should be optional unless you're explicitly buying a system that's marketed as a hybrid management system, where the box clearly states that you're required to sign up for an account prior to use. Vaughan-Nichols tried it and reported that he thought there were some nice features. There very well may be excellent features, but don't pull a fast one and require an account after customers have already bought and installed the product.

I understand that companies like Cisco want to create good services and a good customer experience. I don't believe they are Evil Corp., wanting to spy on your every move, but there are better ways of making service changes such as asking before you make fundamental changes to a product and allowing those fundamental changes to be optional for those who don't want the features. Because remember, Cisco: Your customers are using your products in ways beyond your intended use, such as remote employees, and service changes can have broad impacts.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.

Log in or Register to post comments