Cloud storage: It's strictly for airheads

You shouldn't trust your data to any single service

If it's your data it's your responsibility to look after it.

"the cloud" doesn't absolve any user or organisation from having proper backups in independent locations. It's not "the cloud's" fault it its users are stupid.

Agreed in Spades

Good article Chris. In a private bulletin board I jokingly suggested the new trade of "Cloud Consultancy", people who a company could use to do the verification. But as you say, the companies running these services would deem a lot of the detail on the nature of their infrastructure as too sensitive to divulge.

By the way, you forgot to mention the Amazon outage where it appears to have transpired that part of what any sane person would have considered should be on internal infrastructure, was instead connected to the public network.

Regards

Neil

Microsoft is 100% to blame

The excuse that it was Sun servers and Oracle databases, "that Microsoft was unfamiliar with" is just buying the Microsoft PR damage control spin. Microsoft purchased those servers 18 months prior. Why didn't Microsoft employ someone who understood it?

I think only Microsoft could get away with spinning the truth like this. Imagine any other company that lost your data, and said "it's not our fault, as we were using Sun and Oracle branded equipment". Lost your data because we didn't employ anyone who knew how to use it.

Microsoft was wilfully negligent with the data security of 1 million customers. It didn't follow standard back-up procedures, which has nothing to do with the brand of server used. Then it tries to weasel its way out of responsibility.

At the same time, Microsoft is trying to convince the public to use its Azure and 'My Phone' cloud storage. If Microsoft followed wilfully negligent practices, and didn't bother backing up, who knows how it runs its other services. We really don't know.

What we need is contracts with teeth

I don't think we need regulation: we need contracts with teeth.

If I sign a contract with some cloud provider to keep my data, then I can have the contract say that if they lose my data then they will pay me some amount of money, and similarly for various other contingencies (if my data is unavailable to me for a week, say).

If I sign a contract with a cloud provider which does not have clauses like that in, then clearly I don't care very much about my data (for instance because it's a redundant backup), or I am just too stupid to notice. If they won't offer me such a contract then clearly I need to find another provider who will. If NO provider will offer me such a contract then I've just discovered a business opportunity.

Penalty clauses

Get a proper contract.

Your contract says "you'll pay us £x per month for hosting". Unless your contract also says "we'll pay you £y per day if hosting goes down, and compensate you up to £z if we lose your data permanently", you're not buying a service that's suitable for business.

Penalty clauses have two purposes. The first is to stop someone else's screw-up from hitting you in the pocket. And the second is to *seriously* focus your supplier's attention on not screwing up, because it'll hit them in the pocket. Business managers and business shareholders generally don't care about loss of business reputation or how much everyone hates their company. But they really *do* care when a massive legal bill means they get no bonuses or dividends that year. If that's a likely consequence, the managers *are* going to make sure their staff take it seriously. And if management screw up and cost the shareholders, the shareholders *will* have their collective genitalia on the chopping block and a large fella standing by with an axe.

The 'cloud' - turns out it's a dust storm...

The one thing that REALLY worries me is this tendency pundits seem to have to really believe that 'cloud' (clod) computing is the absolute way forward. If there's anything those of us who actually work in the industry are sure of, it is that there are a few absolute killers of any possibility to moving your data to the 'cloud'.

1. Do you really want all of your data placed on someone else's servers, to be scanned, indexed and kept by that company. Don't try to tell me that the data wouldn't be thoroughly 'raped' by companies such as Google and Microsoft. (Harsh term, yes I know - says how I feel about it though).

2. Are you really so sure in your provider never going bust? You know, when that company that seemed so great who has all of your data to hand suddenly collapses like a flan in a cupboard, and their servers are sold off to cover the administration fees?

3. Are you really so confident that you, and all of your company workstations, will be 100% uptime connected to your data, with no glitches, slowdowns or firewall faults, etc? I wouldn't be. Hell, in this country I'd pretty much EXPECT BT's woefully sh*te infrastructure to fail me.

4. So how much do you trust your employees? OK, that's good. Now, how much do you trust other companies' employees? Put your data up on a system and you are putting it at the mercy of anyone who can access that system. I know from experience that computer security is only as good as the trustworthiness of those who have physical access to the servers. I mean, right now we have any poxy teenage first-job part-time council employee having access to our private data. Do you really, HONESTLY, think it would be any different?

At least standards let you backup you own data

http://www.channelregister.co.uk/Design/graphics/icons/comment/go_32.png I love your statement: "Cloud storage needs open standards for the custodianship of users' data, and only a reputable trade body can provide it." because that is what the Storage Networking Industry Association has been doing. The Cloud Data Management Interface (CDMI) provides a data portability format so that you can move (or backup) your data from one cloud provider to another.

Nobody should be *forced* to trust a single provider for anything, so customers screaming at them to implement a standard such as CDMI just might work...

Crusty old farts...

Perhaps if MS hired a few more aged but paranoid dinosaurs (say, people old enough to remember life BEFORE the internet) with their accumulated scars from past IT disasters, instead of relying solely on cheap but wet-behind-the-ears 20-somethings to run their infrastructure, goat-fcks like this wouldn't happen.

Just saying.

Yeah, I could be your grandfather.

Ha ha!! Chris - you are funny!!!

"It was seemingly based on Sun Linux and Solaris servers, an Oracle Real Application Clusters database and Sun back-end storage that Microsoft was unfamiliar with."

Come on Chris was it Sun and Oracle that caused the problem or wasn't it? Grow some balls and stop making innuendos!!!

If you put your data in te cloud make sure you have got an SLA with the provider which will make it so expensive for him to fail, that he will ensure he has the correct processes, people and tools in place to manage. If it is cheap, you get what you pay for.

However, if Google lose my mail and photos - tough luck - I am not paying for it but they would also lose serious stock points - a type of SLA then. Unless you can maybe, perhaps, perchance blame it on seeming errors by Sun and Oracle (of course all IT people with half a brain - which you do not have - would know it is not the technology that causes the problem, it is the people and the process)