Lately, a few of my cloud providers have ended their services. I don’t really take the time to read the “Why” portion of the email because, to be honest, I don’t really care why. My concern is how can I hold on to all my information on that cloud. This Forbes article by Joe McKendrick comes on the heels of two of my to do list cloud apps announcing that they would be shutting down within the a three month time frame.
There’s plenty of concern about data security in the cloud, but perhaps the riskiest part of cloud is whether your service provider will be around in a year, three years, or five years. The provider needs to be financially viable, and also committed to retaining its business model.
Network World’s Brandon Butler reports that a cloud-based storage service, MegaCloud, has gone dark, with no warning or explanation to users. It’s not clear what happened to the site, but either way, it’s not a good sign for the site’s customers. (Note: MegaCloud is not to be confused with the MEGA storage service, which appears to be doing fine, thank you.)
As NetworkWorld’s Butler describes the situation with MegaCloud:
“The website for MegaCloud, a provider of free and paid consumer cloud storage, is inaccessible and users of the service are complaining on social media sites that they have not had access to their data for days. It’s unclear why the service is not working and whether it is because of a technical glitch or if the company has gone out of business. When attempting to access MegaCloud.com, it returns a notice that the site could not be found. None of the other sites associated with MegaCloud work either, such as the features page, pricing information and the contact links.”
My own attempts to reach the site also return a “Server not found” message. MegaCloud is a consumer-focused site that offered up to 8 GBs of free storage. But this is the kind of situation that could happen to any business as well.
With the recent boom in cloud services — with lots of vendors large and small jumping into the market, it’s inevitable that a number will close up shop. The best hope is if they can be acquired by someone else. If a cloud services provider is going out of business — or changing its business model — it’s nice to know that it may provide some advance notice, preferably more than 30 days’ worth. But there are no guarantees, and the best a company or individual can do is to be prepared beforehand. Either have all data backed up locally, or with a secondary cloud service.
It simply could work this way, taking advantage of the best of both worlds:
- If you’re storing data onsite, back it up with a cloud service.
- If you’re storing data in the cloud, back it up onsite.
Individuals can’t reach in and pull the covers off the financial health or management dysfunction of cloud service providers. But enterprise users are in a better position. One CIO I spoke with has made it a point to get involved with the provider’s board of advisors. If you can’t get that deeply involved, at least build a good working and collaborative relationship with the provider’s staff and managers.
Importantly, for business users, the fate of data and other assets needs to also be clearly spelled out in the contract beforehand. The area of contract negotiations around such critical matters is still muddled, as I mentioned in a post in January, exploring the findings of W. Kuan Hon, Christopher Millard and Ian Walden, who documented their findings in a recent issue Stanford Technology Law Review.
Based on their discussions with cloud users and providers, they found that once they hand over data to a cloud provider, anything goes. Losing data because of bankruptcy on the part of the provider is one thing. But the fate of data in the event of contract termination or change in service is also a big question mark.
For instance, the researchers found most cloud providers will not provide for liability in the event of data loss due to an outage — or, by extension, a permanent outage due to going out of business. As they put it: “According to our research, providers state liability is non-negotiable, and ‘everyone else accepts it.’ Even large users had difficulty getting providers to accept any monetary liability, with one global user stating that generally it ‘had to lump it,’ and another saying, ‘they won’t move.’”
The researchers also observe there hasn’t been a lot of negotiation yet around data retention for legally required purposes, such as litigation e-discovery or preservation as evidence upon law enforcement request. “We think it will become more important in future,” they add, but question how much assistance providers will give users — such as providing long-term storage. One area that is being negotiated with increasing urgency is users’ ability to have data returned upon contract termination. “There are several aspects here: data format, what assistance (if any) providers will give users, what if anything providers charge for such assistance, and data retention period.”
Another question that comes up, they add, is how long after termination users have to recover data before deletion. “Many providers delete all data immediately or after a short period (often 30 days), but some users obtained longer grace periods, for example two months, perhaps requiring notice to users before deletion,” the researchers add.
The bottom line is cloud customers need to take full responsibility for the viability and security of their own data — don’t rely on the provider to handle such an important task.