It turns out that size and brand value alone are not enough to assure the safety of your data when stored in the cloud. Last week, an outage at T-Mobile's Sidekick service, which is operated by a subsidiary of Microsoft, appears to have irretrievably wiped all user data.
So who can you rely on in the cloud, if you can't rely on two of the world's biggest IT and telecommunications organizations? Is this yet another illustration that cloud computing will never be dependable enough to trust with your most precious data?
I believe cloud computing will prove itself in the long term, but what this latest outage demonstrates is that most cloud providers can't be trusted. So how can you identify the minority that in my view can be trusted? There are three key questions to ask:
- Is cloud computing the provider's core competence? Clearly, in this case, neither of the main players rely for their core revenues on cloud computing. However huge the corporation, this should always throw up a big red flag for customers: most big, established software companies know diddly-squat about delivering on-demand applications. If cloud isn't a core focus of top management, then it won't get the investment it needs, further diluting an already weak culture of service delivery.
- Is the provider operating a truly cloud-scale infrastructure? Microsoft acquired the Danger subsidiary, which ran the Sidekick service, in February 2008, but there's been some speculation that the start-up's infrastructure has never been upgraded. Although start-ups can't normally afford their own cloud-scale infrastructure, there are plenty of third-party options out there these days. There's no longer any financial excuse for anyone putting customer data at risk in sub-standard infrastructure (Microsoft didn't ever have that excuse, of course, and is now paying a heavy PR penalty for failing to put Danger's infrastructure straight at the earliest opportunity).
- Does the provider adhere to this five-point code of practice? The lack of an option to download data from Sidekick for safekeeping elsewhere was a clear contravention of point 5 of the code, "Let customers leave whenever they like," and should have given any user signing up to the service pause for thought. Catastrophes do happen, and users of cloud services must always be sure they have access to a backup if the unthinkable happens.
The Sidekick disaster is, as many have said, a setback for cloud computing, even though it's a demonstration of 'how not to do it' that others will, I hope, heed and learn from. But it won't be the last such disaster because so many of the providers now starting to offer cloud services are doing so without the commitment and culture that is needed to do it right. Cloud services present enormous opportunities for buyers, but the risks of choosing badly are also high, and will remain so for several years yet.