What Happens To Data When a Cloud Provider Dies?

Lucas123 writes "When cloud storage providers shut down, as four have done in the past year, users are left wondering how they'll get their data back and whether they'll be able to migrate it directly to a new service provider. More importantly, analysts say, what guarantees do they have that the data stored offsite will be deleted after the shutdown. Currently, there is no direct way to migrate data to another provider, and there are no government rules or regulations specific to data managed by cloud storage providers."

Capt. Obvious reports.

As if people weren't losing any data when "the cloud" was called "shared hosting".

Re:Capt. Obvious reports.

[somersault]

Offline porn collections are largely unnecessary now that we have decent connections and streaming.

Re:Capt. Obvious reports.

[iluvcapra]

I dunno, what do you tell the boss when it breaks? Normally the prospect of losing a vast store of data would make you desire a backup more, not less.

If you are just protecting against service provider default, you can backup you could data elsewhere on the cloud, ya know, as long as the data on A and A' are on machines owned by different people.

OTOH, if you're storing tens of terabytes of data and gigs of diffs, are you sure you couldn't come up with a cheaper solution than a cloud provider in your closet at the shop? For over a certain dataset size, access rate, and data asset value, the cost of maintaining the data versus the cost of losing it versus the cost of indemnifying it against different kinds of losses makes keeping the server on your premises the best option.

Well...

[MightyMartian]

You take your chances if your hosting your data somewhere outside of your control. Unfortunately, when any company goes broke, customer concerns tend to go out the window as the major creditors swoop in to grab what value they can.

Re:Well...

[Pieroxy]

Right on spot. If you give your data away, you give your data away. It is not yours anymore. What the providers guarantees while online dies with the company as people are busy updating their resumes. Whatever means you may have to get to them (legal for example) is usually moot as well since the company is no more.

What you have on YOUR hard drive, on YOUR dvds, YOUR tapes is in YOUR control. Note that it is not necessarily better.

Re:Well...

[Joce640k]

Anybody who didn't think of these things before signing up was Doing It Wrong.

Re:Well...

[mlts]

Don't forget that all SLAs, privacy agreements, and other items are not worth the paper they are printed in come a liquidation. We all heard the adage that possession is 9/10s of the law. It applies here too.

After a bankruptcy, the new holders of the servers can do anything they please with the data on the boxes. PII data about bank accounts and HR records? It can be put as a torrent for all to download, sold to a firm offshore for ID theft, sold to advertisers. There is not one single thing anyone can do about it, provided there is no confidential or classified data present. Trade secret? By law, it isn't a trade secret anymore.

One of the downsides of cloud computing is that all data, be it E-mails on a cloud system, offsite storage, or applications in house can easily be made public to sell to all comers should a cloud provider go bankrupt or change hands. No amount of paperwork can ever go to assure against that.

Only real protection? Encryption, with keys stored with the client, and ONLY with the client. Even then, it still isn't good for cyphertext data to be made public for all and sundry to try to figure out the contents.

Re:Well...

[Golddess]

After a bankruptcy, the new holders of the servers can do anything they please with the data on the boxes.

You mean like how when a physical storage place goes bankrupt?

Re:Well...

[TheRaven64]

Only in the USA. In the EU, doing that would be a massive violation of various data protection directives. If the liquidators didn't blank the drives before letting anyone else touch them, then they'd be liable for massive fines in the UK and the rest of the EU. These same laws make using a US-based host a tricky legal proposition for a lot of EU-based companies, although a lot seem to do it anyway and just wait to be sued if anyone notices...

Re:Well...

[Dogtanian]

Ob.-disclaimer: I don't live in the US, and IANAL- but unless I see clear evidence that you are too, you'll excuse my scepticism...

After a bankruptcy, the new holders of the servers can do anything they please with the data on the boxes.

I'm going to say "[citation needed]" here, because it damn well is(!). Even though AFAIK the US is generally more laissez faire and less strict with info in general than the EU- where, as the other poster mentioned, they'd get smacked into a pulp for doing anything approaching what you describe- I'm still not remotely convinced that any new owners would be legally permitted to sell bank account details, HR records et al with no comeback, simply because they happened to have got their hands on some old hard drives that had that info on them.

The info doesn't belong to the liquidated company, but to the company that had hired that company's services. I don't know the legal position with respect to such info, but I'd be damn surprised if it was okay to sell it.

Trade secret? By law, it isn't a trade secret anymore.

"By law?" Are you sure? And if you're implying that it wouldn't be a trade secret because it was leaked (and we accept that what you're saying is true), would this make the original *cause* of that leak- i.e. random-new-owner-of-the-server-hard-drives releasing it, possibly for money- legal?

One of the downsides of cloud computing is that all data [..] can easily be made public to sell to all comers should a cloud provider go bankrupt or change hands. No amount of paperwork can ever go to assure against that.

No paperwork can protect against leaking in the process of a sell-off, or stop someone selling it off, even if it's illegal, so that should be borne in mind. However, the main thrust of your argument, that activity like this *wouldn't* be illegal- is more questionable.

I'm not saying that you're definitely wrong, just that I'm not taking what you're saying on trust... and also that I'd be pretty shocked if it were true(!)

Risk Reward...

[BoRegardless]

A cloud based form of backup or duplicates can only be one leg of a system to protect data. Gotta have at least 3 legs to stand on.

The reminder that 4 services closed in one year is fair warning.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Welcome back to mainframes bitches

[sheepofblue]

The cloud has immense uses but "trust me" is not something you ever want to here from the government or a company. Anyone that puts there assets out in the ether with no alternate location is asking for trouble.

Re:Welcome back to mainframes bitches

[Carewolf]

Torrents are the classic cloud-storage that inspired the concept. Also personal details in social media is another source, in terms like "nothing is forgotten in the cloud".

The reason for the devolution of the name is of course that Google's search service internally is structured like a cloud, but of course their storage services are not, because unreliable indexes are acceptable, unreliable data storage is not.

Is this a cloud specific problem?

[dmomo]

I'd think these issues are general so far as storing your data "anywhere but here" is concerned.

What? Never heard of SCP?

[l0ungeb0y]

Storage is cheap. Just get something like a dRobo, throw some barracuda HDs in it and you have a multi-terabyte raid array.
Just SCP your files down the net into the black box and you're all set. Question is, why aren't you doing this already?
Just leaving your files up on your host and NOT backing up to local storage is classic dumbfuckery.

For databases, most cloud users use MySQL anyway, so just use the admin tool to back up and replicate to a local server. Don't have a suitable machine for a local server? Get a mac-mini, they are rather inexpensive and come with MySQL5 pre-installed and configurable through Apple's server admin interface.

Re:What? Never heard of SCP?

[rgviza]

more important than "here" and "there" multiple backups is offline storage. Keeping your data backed up to a share (onsite or offsite) only helps until one of your employees decides to go bonkers and delete the live data _and_ backups on your network to really fuck the company. If you have an up to date tape locked up in a safe somewhere you can still get your data back in this scenario. If you are only backing up to SANs and an employee does this you are truly fucked.

The most dangerous (and most often overlooked) threat to your data is a malicious rogue employee.

The only protection from this is physically secured offline storage media which is updated/offloaded daily.

To all Cloud entrepreneurs & VC's

[MagikSlinger]

Dear Cloud entrepreneurs and VC's:

If you are wondering why businesses aren't trampling themselves to go to a public cloud, here is half your answer. The other half was the Amazon outage. A CIO does not like depending on an outside company for his uptime metric. He wants total control. If there is an outage, he wants HIS people on it reporting to HIM. He doesn't want to go back to the CEO, "the cloud provider is working on it and there is nothing I can do to make it go faster."

If clouds happen, it will mostly be private clouds under the company's control. Sure it may not have as high uptime or be more expensive, but at least it's under their control. You surrender control going to an external cloud.

Re:To all Cloud entrepreneurs & VC's

[LWATCDR]

Please yes they really are. The problem is that people are taking the wrong lesson from this.
1. Machines fail.
2. Don't expect things to not fail.
3. Don't be stupid.

NetFlix did not go down. Amazon did not go down. Both use E2C. Foursquare and Redit went down. So what was different?
Simple NetFlix used E2C to build a distributed system with redundant nodes. Foursquare and other did not.
Just like every other discussion where people talk out their but about how distributed systems are more reliable they failed to understand that you must plan very carefully and plane to build reliable distributed systems. Otherwise you create a systems with many points of failure and little control.

Re:This is why...

[oztiks]

And this is why I wont be using harddisks for anything of value. I've printed off the contents of all my storage devices on A4 sheets of paper in raw binary format, recently I've had to renovate the garage to cater.

That's easy

[lavagolemking]

It rains down your data, everywhere.

Re:Hmm...

[jedidiah]

That information is my personal property.

It is the government that usually sorts out property issues (and contract issues). There is a VERY long history of this.

Sorry to rain on your psuedo-libertarianism parade but the government is exactly the right entity to help sort this out. This is a simple property issue.

Migration

[sourcerror]

On shared hosting you can migrate from one service provider to the other without major pain, because there are a lot of providers offering LAMP/J2EE/ASP.net etc.
In the case of the cloud, you depend on the cloud APIs which aren't standardized and because cloud servers aren't a commodity. You can't migrate from Amazon cloud to Microsoft cloud without writing your own abstraction layer on top of proprietary cloud APIs.

Re:Migration

Meh apis blah blah. When the shared hosting was at its peak during the second dot-com boom, you had at least several flavors of unix, several versions of apache with minor api differences, various databases with various options compiled or not compiled in, gd with or without gif support, and don't even start me on the php or perl module availability. Migration was as much a nightmare then, as it is now.

And the "big issue" was the same then as now -- in the end, the data is the responsibility of the entity that needs it most. It is a safe assumption that no one else will care about your data but yourself. It is also a given that the SLA will have a liability limitation that will top at what you have actually paid.

The rest is just bullshit and sensationalism.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Answer: TBD

[ErichTheRed]

In my experience, non-IT companies are falling all over themselves to move to (at the very least) hosted IT services. The true answer to this question will come out when the first major provider flames out. Think about this with a cynical eye towards the situation. CIOs and other decision makers are under immense pressure to cut costs, especially in companies where IT is not seen as a strategic investment. For every software company or non-IT company that uses IT to its advantage, there are 10x as many who use IT for file/print/email only, and see it as a cost like paying the janitor and building staff to keep the place running. Cloud providers win business by doing a shiny PowerPoint with animated graphics showing all those power-eating servers and local IT staff fading into "the cloud." At the same time, they promise the ability to get rid of your IT staff and replace the current IT spend with a monthly charge that can be completely written off as an operational expense. MBAs are seemingly taught on Day 1 that human resources are a necessary evil to be minimized, and that operational expenses are preferable to fixed asset spending. Therefore, this PowerPoint resonates with them and the decision is made.

The problems come behind the PowerPoint. Every IT problem the business had before now becomes the provider's problem, including data storage/retention, bandwidth issues, server provisioning and all that stuff. How well does it work out? Everything depends on the competence of your provider. Even with ironclad SLAs in place, (a) Really Bad Stuff can still happen that makes them null and void, and (b) SLAs are only a piece of paper guaranteeing you free service or a payment in the event of an outage.

Any business considering The Cloud needs to think of the following:

• Do I trust my provider to handle my data? Is there anything so proprietary that I wouldn't mind having exposed on the Internet by a disgruntled cloud provider employee?
• How much does it actually cost me to be down for X minutes? Am I willing to pay to have the provider properly architect the solution to work around this or am I willing to eat that much money? Is any SLA they can provide me going to compensate me for the full losses that downtime generates?
• The Cloud can also be achieved locally through server consolidation, investing in more flexible network infrastructure and increasing internal operations efficiency. Would I be more comfortable doing that?

(If this sounds like the list of questions to ask when considering an outsourcing agreement, it is. Cloud is just IT outsourcing without a directly accountable staff at the provider.) Businesses who want data integrity and decent service need to realize that they have to pay for it, just like they do in a traditional outsourcing/hosting scenario. If a CIO chooses to go with the equivalent of GMail for their internal messaging, just 'cause it was cheaper than the fully-hosted, DR'd, off-site backed up, SOX-compliant managed email service, then they deserve what they get.

Cloud Insurance?

[ToxIk_Waste]

family guy reference

Re:MOD PARENT UP

[mcavic]

the cloud is just a new name on an old concept

Pretty much. And the increased visibility means it's now being used by people who don't understand the need for a backup.

Screenplay working title

[ThatsNotPudding]

All Bits Go To Heaven.

Between the powerpoint and the problem...

[140Mandak262Jamuna]

Cloud providers win business by doing a shiny PowerPoint with animated graphics showing all those ...The problems come behind the PowerPoint ..

But between the powerpoint and the emergence of the problems, there are bonuses for the top management. The gang has shown the powerpoint to the board and have already awarded themselves fat bonuses and have already left camp looking for their next chump. The board also does not care too much, they get paid, what 100K for six meetings in a year? and the free use of corporate guest houses, jet, club memberships and special boxes in the stadia...

The stock traders don't care either. They buy before the conference call, wait for the "guidance" from the CEO and sell a day after the call.

So who pays? The ultimate chump is the small investor and the taxpayers. The big investors would be bailed by the government.