Starting last January, more than a few blogs posts have been devoted to explaining the saga of Megaupload, the file sharing or “file locker” service whose web domain was seized by the US government. While the actual circumstances of this case are extreme—criminal asset seizure laws applied to copyright infringement—the effective results, a cloud-based service suddenly going dark leaving subscribers stranded, is not that uncommon. With the rush to Big Data in the Cloud, companies should also be thinking about Big Backup.
Over the last few years I’ve been an active user of many SaaS startups, as well as depending on web hosting services for my own personal projects. During this time, a few of my app providers have shut their doors. However, when this final step was taken, it has usually been performed in a graceful (and business savvy) manner. Subscribers are generally notified weeks or even months in advance before the cables are yanked from the server racks. The user community then has time to get the word out to its members to download files, pictures, code, docs, music, and any other digital content for safekeeping.
While government property seizures are unfortunate and (we hope) a rare event, it’s more likely that customers lose access to data as a result of billing disputes or financial problems, including bankruptcy, on the part of the provider.
On the latter point, in this recent period of intense social media startup activity, investors expect exponential growth, or else they’ll turn the cash flow spigot off in an instant—while holding their customers non-portable data and apps. See, for example, Color, Oink, Gowalla, or Hashable.
So what’s the recourse for cloud customers in these situations?
It is solely subscriber’s duty and responsibility to backup subscriber’s files and data on our Cloud Service, and under no circumstance will our Cloud Service be liable to anyone for damages of any kind under any legal theory for loss of Subscriber files and/or data on any of our servers
Or you may even see this:
Our Cloud Service serves the right to freeze or terminate your access to Cloud Servers, or take any other measures deemed to be appropriate (as determined by our Cloud Service in its sole and absolute discretion), at any time and without prior notice, to enforce this Agreement or to ensure the stability of its network.
There are two key points that should be considered when your organization’s data resides on someone else’s disk drives. First, while many of these cloud services will back their file systems up on an occasional basis, no company should blindly outsource their backup responsibilities. A cloud service is a magical black box in many ways, but sensible backup rules still apply. Of course, some of this can be worked out in Service Level Agreements.
Second, backing up data using the same cloud service provider opens your company to data denial risk of the kind we opened this post up with—the service shutting its doors. If you use another cloud service to do the backups, you’re merely kicking the risk down the Internet highway.
Along with the risk of data denial, there are complexities involving overall control of data and security protections. In fact, there are enough fine-print details to be worked that a few law firms have stepped up to provide due diligence advice and negotiating strategies.
If all this is making you nervous about keeping your data with a cloud provider, we certainly understand. Varonis has solutions to help you gain the benefits of the cloud while avoiding the risks of depending on others.
While I won’t try to argue against any company using a cloud service, they should take reasonable precautions in protecting their interests and minimizing data risks.
Or else they may end up like this business, stuck in the Megaupload legal web and arguing in Federal court for the right to get the sole copy of their data back.