California Approves Neurotoxin

The California Department of Pesticide Regulation (DPR), under outgoing Governor Schwarzenegger, has formally approved methyl iodide for use on strawberries and other food crops in California. Methyl iodide is a potent carcinogen and neurotoxin that is a clear danger to those who consume and grow food.

The DPR faced the largest opposition in the history of its public comment period. More than 53,000 people, including leading health and safety scientists, asked for a ban on the pesticide. The company that produces methyl iodide, Arysta LifeScience, the largest private pesticide company in the world, overcame public opinion and the scientific community's warnings through a massive lobbying campaign.

The Scientific Review Committee (SRC) noted in its final report in February that “Based on the data available, we know that methyl iodide is a highly toxic chemical and we expect that any anticipated scenario for the agricultural or structural fumigation use of this agent would result in exposures to a large number of the public and thus would have a significant adverse impact on the public health. Due to the potent toxicity of methyl iodide, its transport in and ultimate fate in the environment, adequate control of human exposure would be difficult, if not impossible.”

Dr. John Froines, Chair of the SRC and Professor in the Department of Environmental Health Sciences, School of Public Health at UCLA, said in a Senate Food and Agriculture Committee Hearing in June, “I believe that if you go out into the real world, and I think everybody in this room knows what the real world in the valleys are about, that the mitigation strategies that are promised so articulately by Mary-Ann [Warmerdam, DPR Director], are not going to be adequate, because this is without question one of the most toxic chemicals on earth.” (page 46 of transcript)

“The decision to permit use of a chemical in the fields that causes cancer, late-term miscarriage and permanent neurological damage is a ticking time bomb,” said Dr. Susan Kegley, Consulting Scientist with Pesticide Action Network. “The idea that this pesticide can be used safely in the fields is a myth.”

In a world where we now constantly hear of hackers bypassing controls, financial controls failing to stop fraud, and rivers and lakes showing the awful effects of pesticide runoff, California is foolish to gamble on such extreme risk.

Mint: Cloud Integrity Failure

CNN has a February-themed (hearts and relationships) report on the struggles of Mint.com’s data aggregation. This is a good study of data integrity risks in the cloud model.

“The dirty, behind the scenes thing is just how complex it is,” said Mint.com CEO Aaron Patzer, who described the first few months moving users to Intuit as particularly “rough.” But he added, “Intuit’s platform is getting better at a much faster pace now.”

But most consumers don’t care about the nuts and bolts — they just want the same service they’ve always been able to get.

Customers paid for a service that ran on a different Software as a Service (SaaS) platform. Clearly the acquisition team did not properly assess and plan for data integrity risks. The new platform seriously impacts the customer experience, which is not supposed to happen with giant SaaS cloud providers, even when the service is “free”.

Intuit spent nearly $200 million on Mint. That makes a personal copy of accounting software running on an Infrastructure as a Service (IaaS) provider a useful security comparison. Is SaaS worth the high risk to integrity (e.g. Mint), high risk to confidentiality (e.g. Google SREs, maps, wifi) and/or high risk to availability (e.g. Twitter whale)? With SaaS, control over when and which features are added to a service can be a problem. The struggling Mint users might be ready to go for something better — something that gives more control over the quality of service delivered.

A beta period, for example, is one way of handling the transition with more user control. Another option would be migration in batches, where users elect to be migrated and are then given a higher level of service while bugs are worked out of the system. These methods are not foolproof. Perhaps Mint used them but extrapolated the experiences of a few users too far.

The bottom line is users need control — a way to trust that controls are working, as I have discussed before. While some analysts say users “don’t want to know what’s going on in the kitchen” (Forrester quote), that is completely wrong. Forrester confuses trust with a lack of care. Users will know and judge what is going on in the kitchen as soon as they are served. They do not want to be unpleasantly surprised.

Imagine sitting down at a restaurant and saying “I don’t want to know…just serve me whatever”. You would only do that if you trusted the kitchen. And you would only trust the kitchen if…

Customers want to know that what goes on in a “kitchen” is what they expect; that is why they agree to sit and “pay” for a meal. In fact, you could say they chose to sit in a particular restaurant because they thought they could tell what would go on in the kitchen based on things like prior experience, reviews, decor, other customers, etc. They care about the things that affect them, and when they sign up for a “service” they want to trust that someone is taking care of the details.

2010 Skimming Attacks

GovInfoSecurity has an interactive 2010 Timeline of skimming attacks. You can roll over the chart and get details, or just scroll through the text of each attack below the chart.

I found the chart a little hard to read, so here’s my remix:

This makes it easier to see that many of the attacks are classified as “unknown”. At least one example should be familiar to my regular readers:

Tino’s Greek Café
Austin, Texas
Type of Attack: Unknown
Cards Compromised: Unknown
Date Discovered: August 11

A popular Austin restaurant, Tino’s Greek Café, reports that its customers’ card data was stolen by criminals. Some customers have lost thousands of dollars, with charges turning up from as far away as South Africa and Brazil. Local law enforcement says that customers who ate at the restaurant and used debit or credit cards to pay for meals between March and July may have had their card data stolen. Police continue to investigate the crime and have not yet determined how the criminals stole the card data.

Heartland has said both publicly and to me in person that the attack is “outside their system”. They have hinted at fault with the POS, which I have discussed before. This was their official/PR statement:

The intrusion likely occurred in the third-party point-of-sale system used at the merchant location or as a result of other fraud. The Heartland system has not been compromised in any way.

I will be discussing the details of this case and more in my presentation at RSA San Francisco 2011.

Session ID: CLD-204
Date: Wednesday, Feb 16
Time: 1:00 PM
Location: Orange Room 305

Here is the understated banner they gave me to show you. I asked for a bigger one, but this is what they sent :)

I am Speaking at RSA Conference 2011 - February 14-18 - San Francisco