Back up your online data. Now.

Back up your online data. Now.

Summary: The dark side of the cloud is bankruptcy. If your cloud provider fails, do you have any back-up copies of your data, and do you have a recovery plan in place? Be ready for those unthinkable, black-swan events that the credit crunch has made more likely.


The dark side of the cloud is the risk of financial failure at your provider. At the end of October, Digital Railroad, a photo archiving and commerce site used by over 1,500 professional photographers, shut down without warning. Users had just 48 hours to recover images stored on the site. Even if all of them had been in a position to log on and tried to download their data, it's doubtful there would have been enough bandwidth to service the demand.

Lightning stormBut surely if a site has a paying, professional customer base of that size, someone will step in and pick up the business? Hosting companies I've spoken to in the industry who specialize in SaaS hosting have said they'd rather keep a service alive until another owner takes over than wipe the systems clean and start over. But it depends who owns the hardware. In the case of Digital Railroad, after two failed attempts to find a purchaser for its image storage and retrieval assets, company representatives on November 10 announced this devastating news for anyone still hoping to retrieve images stored there (I've bolded the chilling three words that sealed their fate):

"Without a commitment for the purchase of its assets, DRR's senior secured creditor will move to take physical possession of the hardware on which the intellectual property of DRR and the copyrighted images of its customers and partners reside. The creditor will have all information erased from the storage devices and then sell the equipment at auction.

"Digital Railroad had hoped that it could preserve the images on the storage devices so that the owners of these images could recover them. Unfortunately, this was not achievable. We apologize for the difficulties that this has created but without additional resources we have no other recourse."

Does this example mean we should all stop using cloud providers and go back to the 'good old days' of running our own software and servers? Of course not. You're more likely to lose everything to a disk failure on your own machines than you are to a business failure of a thid-party provider. But it's still essential in either case to have a back-up strategy.

This is especially important while the ongoing credit crunch continues to create black swan eventualities that people haven't planned for:

I've said before that I think a SaaS code of conduct should include some assurance that a service will continue operating for long enough to put other arrangements in place even if the provider goes out of business. It's up to providers to work out how to set up an assurance of that kind, but I suspect the developing economic conditions will make it more and more of a selling point for those that do it. In the meantime (and irrespective of what providers do or don't do) customers have got to get into the habit of making sure their data is backed up either on-premise or at some other cloud provider, and they must prepare a recovery plan so that they know what to do if disaster unexpectedly strikes their provider.

Topics: Data Centers, Cloud, Emerging Tech, Enterprise Software, Hardware, Legal, Storage

Phil Wainewright

About Phil Wainewright

Since 1998, Phil Wainewright has been a thought leader in cloud computing as a blogger, analyst and consultant.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Don't think it's viable...

    SaaS has always been an interesting concept. It has some applications, sure, but in the larger scope, will never extend to businesses. It would be irresponsible for any business or governmental organization to store information, private information, on external servers. Regardless of an "SaaS code of conduct", this would prove to be dangerous.

    No, I think there is a small market for things like Google Docs...but nothing more. And I would never use an SaaS for anything remotely private/personal.
    • Buzzwords and the foolishness the bring...

      I could have sworn there were many hosting companies like Rackspace and The Planet out there that host servers for some major companies. I have yet to see someone explain how this is different from this new "SaaS" and "cloud" talk except its geared towards specific applications being moved to a central location.

      If people think all the data they send to companies is always stored in house and never on any externaly hosted servers then they are fools.
      • Depends on the business

        I work for a financial institution that I am 100 percent confident will never even consider having our core data stored on external servers. Some of our systems, sure. But the liability of having some other company handle our core systems is too great. We go to great lengths to make sure any personal data is secure. Using an outside company adds a second layer that is, at best, "probably" secure. Sometimes probably just isn't good enough.
        Flying Pig
  • You???re more likely

    Of course not. You???re more likely to lose everything to a disk failure on your own machines than you are to a business failure of a thid-party provider.

    Says who? You?
  • IMHO, any company responsible for customer data...

    Should be required, by law, to have an Escrow in place to guarantee operations for a minimum of 6 months in the case of corporate failure. This would give customers enough time to remove their data from the 'cloud'.

    Man, I hate that damned term.
    • They have to call it "the cloud"

      as "Smoke and Mirrors" was already taken :)
    • Term Cloud

      It may fit as you don't really know where the cloud is going & there just may be a major downpour leaving all the data down the river!
  • RE: Back up your online data. Now.

    "You???re more likely to lose everything to a disk failure on your own machines than you are to a business failure of a thid-party provider"

    That's the most ridiculous statement I've ever read. My notebook computer is backed up daily to a usb drive. Very cheap and reliable solution.

    I see SaaS companies as fly by night operations. One day there here, the next there gone.
    • BackUp strategy

      I would trust a paid provider before I would trust my critical data to my own external device even if it was "backed up daily to a USB drive." I had an external USB drive stolen last month. (I don't keep my backup drive with my laptop -ever, but my secondary drive is frequently with my laptop.) I generally keep all data in at least 3 physical locations (always at least one in "the cloud") I've had TWO acquaintences this month who carried a thumb drive in their pockets and it fell between the seats in their cars and was crushed by the seat adjustment motor when they tried to move the seat to remove the drive. Freak accidents do happen and disasterous coincidences occur. Computer/data professionals are "paid to be paranoid" and it is a good philosophy for everyone to apply to the data world. As data becomes more and more critical to our lives, we need to have more and more options and better and better institutions to support them. Despite relatively stable banks, it's probably good to have a mattress handy --as evidenced recently!
      • Data data everywhere

        I agree, I do the same. I have a USB drive in the office, one at home, backed up to DDS tapes kept in the firesafe, and all critical projects are backed to a USB key as well. While I have used an SSP in the past (remember X-Drive?) to transfer files to clients I have never felt comfortable putting customer data up there. Even in an encrypted, password protected ZIP file I would never leave anything there once it had been recovered by the client.
        On the other hand, someone without an IT background might not use all those precautions, and the two drives + tape are never all at the latest revision, so someone like a photographer might actually do better with a cloud solution. That doesn't mean they shouldn't have a backup though, if only DVDs kept in a safe somewhere.
  • RE: Back up your online data. Now.

    Wow. I have been all over ZDNet saying the same thing over and over about Cloud Computing companies.
    I have been hoping that the market would solve the main issues but it looks like either cloud computing will become a niche product or world governments are going to have to step in and legislate to solve basic issues.

    1. Data ownership. The above case is part of this issue. If you own your data how can they legally erase it? Chances are they have a EULA that either has a clause in it to allow them to do what they want with your data or they have a clause that allows them to amend the EULA itself.

    2. Service and support. This is a direct example of how cloud services don't have any support and their services can disappear with out warning.

    3. Backups and maintenance. Obviously if I had to maintain 4 redundant drives with my image files stored on each to prevent data loss I DON'T NEED THE CLOUD. Let me say that again. If I have to spend money to back up my own data and support my own services, I DON'T NEED THE CLOUD.

    4. Long Term Data Availability. Obviously this company didn't make it long enough to worry about data format changes and keeping data available for the long term. In fact they are erasing the data shortly.

    Some Cloud vendors have been replying to me and so far none of them have been able to successfully address the above points.

    Here are some partial solutons:

    1. Build in an money account that allows your company to provide a 6 -12 month buffer for uses to retrieve their data.

    2. Generate special contracts that allow users to work with Cloud Vendors is a similar fashion as IP companies do with outsourced manufacturers. Instead of draconian EULAs, contracts are exchanged where each party can negotiate who has rights to what and what can be done with what property. Technical solutions can also help. If the USA congress for example can enact laws that say ownership of a virtual server confers physical rights to the virtual property then any type of legal subpoena would have to go to the owner of the virtual server, not the hosting company. It would also allow intellectual property to be protected in a legal fashion. In essence the hosting company would create a virtual server for each customer, get paid to host it on their hardware, get paid to back it up, but not be liable for the content and not have direct rights to the content.
  • The creditor may own the hardware ...

    but like any creditor for a bankrupt entity they do not own 3rd part assests stored there.
    A bank cannot sieze a tennant's belongings in a reposesed house. They can only force the tennant to vacate through proper legal procedures.

    I'd hate to be this creditor's legal representative.
    • Herein lies the problem.

      "A bank cannot sieze a tennant's belongings in a reposesed house. They can only force the tennant to vacate through proper legal procedures."

      For the most part, the law has not evolved enough to recognize that the data on a hard drive may have a different owner than the hard drive itself, and that data itself has value. Add in what other posters have said - you have probably waived your rights in the EULA - and for now, what the creditor is doing is perfectly legal. And even if the law would catch up to recognize property rights in the data on the hard drive in the event of a company's financial failure, I'm guessing that could easily be circumvented by a clause in the EULA stating that you agree to subordinate your rights to your data on the hard drive to a secured creditor.

      Perhaps there needs to be some initiative to encourage cloud computing organizations that store data to be bonded in the event of something like this. I don't think any special legislation would need to be passed; the free market should be able to regulate this as a "you get what you pay for" scenario - if it's free, don't expect that your data will be there tomorrow; if you pay, your data should be retrievable.

      The cloud should be used as part of your backup solution, not the entirety of it. If the data is important, you should have it backed up locally as well. It's highly unlikely that both your local and your cloud backup would be wiped out simultaneously.
      • I like most of what you said...

        The only thing I slightly disagree on is the back up strategy. If I am paying a vendor to back my data, I want my money's worth. Again I agree if it is free, you take your chances or do it yourself.
        However the benefits of cloud computing are slim.
        Supporting your own I.T. hardware, software, and small staff to back up corporate data or if you are a home user you have to buy and maintain your own server for back ups then you are destroying a lot of the value of the Cloud computing environment.
        The 2 key benefits of using the cloud are ubiquitous access to data, services, and programs and the second is out sourcing you I.T. head aches.

        If as a company I have to still maintain my I.T. department for sensitive data and back ups, I might as well broadcast my own programs and services as well. This eliminates both benefits of the cloud.

        If I am paying a vendor for back ups and ubiquitous access, the vendor had better have massive redundancies built in. Basically for a premier service I would expect 1 hour or less of down time for any service, program or storage access I need to make. I would expect to pay a premium price for this but it would allow me to off load the I.T. which is one of the main promises of the cloud.
        • The cost of opening your IT to web based users...

          is enormous. I have seen all sorts of savvy user tricks to bypass passwords and VPN limitations, and back doors into the network etc. A cloud can make sense if you want to outsource the expensive headaches of security but if you can't afford the personnel to maintain a secure backup plan then either your data is worth very little or perhaps you need to re-evaluate your business plan.
          The point is, it's easier to back up data than to secure it on the web. The cloud [i]should[/i] give you both but most people really need the later more than the former.
          • I haven't seen the security on the cloud

            I really haven't seen better security on the web than my companies IT department provides.
            My point was either I off load all of my I.T. including back ups or I use my in house I.T. staff to get me to the web. If I am paying money on staff and hardware, I will buy staff that understands the level of security I want and get the equipment to support it.
            I don't really see the cloud as a cheap security alternative.
            On the contrary, I would need personal security from some of the practices of online companies.
            I have also seen some of the simplest SQL injection attacks work on some cloud vendor's storage. Phishing schemes on vendor portals are another possibility.
            Again it is possible for these attacks to work on traditional web offerings but that is actually my point. I am not gaining enough benefit from cloud computing to adopt it.

            I have said in other places that until at least data ownership is addressed no amount of security benefit is going to entice me to the cloud.
  • Tell me AGAIN why "cloud computing" should be the future (nt).

    nt = no text
  • I second that. What is the point of cloud computing

    .. other than for companies to sell us "solutions" for problems we don't have?
  • They want your data - the only thing they don't have

    Cloud computing = a grab for your data, the one thing companies like Google, Amazon, and Microsoft do not have access to. Anyone who trust them is as naive as early Amazon customers who trusted Amazon's promise not to sell their personal data to third parties, a promise made to entice people to buy at Amazon, something people were reluctant to do at first, which was reneged as soon as Amazon reached sustainable growth. Then they started selling data.

    The cloud is the way for companies to get access to your data to mine, sift, and sell it. They can't get the data if it's not on the web - if it's safe on your server or desktop behind a firewall. They want to blast open a hole in your security and get the data, and have you pay them to do it.
  • RE: Back up your online data. Now.

    Using cloud computing doesn't mean the good IT rules go out the window. Back-up is still important -- you just may want to do it differently. I'd like to see a cloud service that offers a third-party back-up service as a differentiating feature. That makes it easy. What I'd really like is to be able to buy that service from someone recognizable and bullet-proof like Iron Mountain or IBM.