In early March 2016, Salesforce suffered a major outage. Its cloud infrastructure was interrupted because of a problem in its storage layer, which made the service unavailable for ten hours. This would probably have felt longer to the employee or enterprise who depends on this infrastructure for their livelihood, since they wouldn’t have known when it was going to come to an end.
This isn’t the first time the cloud has let someone down. It’s two years since cloud business 2e2 ceased to exist, still owing money to its creditors who were pressing for a total of £257.2m. When it shut its servers down a lot of clients found it very difficult to get their data back.
There are a number of strategies to ensure that your cloud data and apps are protected. Of prime importance is the selection of the right cloud partner, as any 2e2 customer will tell you.
Some of the things to ask or indeed insist on when selecting a cloud partner would include:
- Where is my data being held? The notion of “data sovereignty” means the laws of the land in which your data and apps are physically stored. Smaller cloud partners might wish to offshore this task; this might mean that instead of accountability under the British Data Protection Act or an European equivalent, your information could be subject to the Patriot Act in the US, under which anyone in authority can apply to see it.
- What service level agreements are included in the contract? Service level agreements (SLAs) need to have everything spelled out. Organisations have in the past fallen foul of assuming that they were backed up if their provider’s servers fell over (you might be but check). And as Salesforce found out, no company has 100% uptime; make sure you have an agreed level of service and clauses about what happens if they are not reached.
- Can you visit the premises? A reputable small cloud provider should be happy to show you around the server farm and explain how it is cooled, insulated from the elements and how the security around it works.
- Am I covered if my data goes missing? It’s worth checking this from two angles. First you need some reassurance that your data is being backed up, and backed up somewhere that’s covered by your own country’s legislation. Second, there needs to be a documented procedure for data recovery in the event of a loss and compensation if the loss is irretrievable.
- What is the exit plan? Planning for a contract when things are going well is easy. It is vital also to have a Plan B for when they go less well, and to be assured that there is a relatively easy way to move from provider A to provider B.
There is nothing to stop someone putting a server in a leaky shed and announcing that they are a cloud company. Obviously this sort of indiscriminate approach can damage the clients’ businesses and is unlikely to last, but versions of it persist.