TechSoup.org The place for nonprofits, charities, and libraries

What if Cloud Vendors Go Out of Business or Delete Your Account?

What if Cloud Vendors Go Out of Business or Delete Your Account?

  • Comments 7

This week we got a great comment from a TechSoup member to our Cloud Technology and the NGO Community blog post. It asked about cloud companies going out of business and how secure data is in such cases.

Can cloud vendors simply close your account without notice? What should nonprofits do about this?

What TechSoup's Cloud Survey Found

In our TechSoup Global NGO cloud survey we found that people in nonprofits and libraries are indeed concerned about data security in the cloud the world over. Cloud data security and privacy challenges were cited by 27% of respondents as a significant barrier to cloud adoption.

How Big Is the Cloud Data Security Problem?

Cloud companies probably will go out of business as the industry develops. OnLive, a popular cloud-hosted gaming service, recently filed for bankruptcy.

The largest and most famous cloud company shut down to-date was the case of the U.S. Federal Government shutting down Megaupload for their illegal download activities. All their data (and assets) were seized and impounded and customers were not able to get it back. I’m not seeing a lot of this yet, though.

It’s much more common to read about data breaches and disruptions that shut down a cloud services for a period of hours or days.

Nearly all the major cloud vendor companies like Google, Microsoft, Sony, and Amazon have been hit by hacker attacks that have caused service disruptions.

Perhaps the most famous of these was the outage of the Sony PlayStation Network that took down their cloud based service for nearly a month in the spring of 2011 and affected Sony's 70 million users.

It’s also possible to have your account accidentally deleted by a cloud vendor. Facebook recently reported that it has an estimated 83 million duplicate or false accounts that it will be aggressively deleting. What if one of them is yours? In February 2011 Google inadvertently deleted 150,000 Gmail accounts due to an internal software problem. 

Most cloud services, however, promise 99% plus uptime and large enterprise companies largely trust their critical data to cloud vendors. What's a nonprofit to do? 

Safeguarding Critical Data

I actually hate the first set of recommendations I’m suggesting on this, but a sane and prudent person will do well to actually read the terms of service for cloud vendors that you’re entrusting with your critical data. If you don’t do that, then you might check out the British Terms of Service Didn’t Read website to see if they've sussed out the gotchas that the major cloud providers have in their fine print.

While you're at it, have a look at your prospective vendor's service level agreement (SLA) and if you're paying for the service monthly, go ahead and call them.

Ask them some hard questions like:

  • What kind of technology they use?
  • Do they rely on a larger cloud platform like Amazon?
  • How does the company ensure physical security?
  • What servers and software it runs and what its arrangements are for disaster recovery.

Find more of those due diligence types of ideas at Seven Lessons To Learn From Amazon's Outage and Before You Choose a Cloud Computing Vendor: 8 Questions. You can also read an article written by our director of information systems security here at TechSoup, Security in the Cloud, where he tackles some considerations for IT staff for working with cloud vendors.

Hybrid Cloud Storage

Another interesting strategy to ensure data security is to look in to something called hybrid cloud storage. Ed Bott of ZDnet maintains that “if your data matters, you need a hybrid strategy, with local storage and local content creation and editing tools. If your local storage fails, you can grab what you need from the cloud. If your cloud service fails, you’ve still got it locally. But if you rely just on the cloud, you’re vulnerable to failure."

This is also what we've recommended in our disaster planning and recovery toolkit, The Resilient Organization: A Guide for Disaster Planning and Recovery. We recommend the 2x2x2 rule: Two sets of backup, held by two different people, in two different locations. 

There are hybrid cloud storage services out there that allow offices to house their data onsite in their own computer networks and also have a portion of it or all of it in cloud-based storage. Probably the most commonly known service like this is Dropbox. This cloud service keeps a folder for your data on your hard drive and also in Dropbox's cloud servers (which is, in turn, hosted by Amazon S3).

Another example is TechSoup Global's new cloud partner, npCloud, which operates similarly. Its NPVault backup service uses a piece of hardware called a Network Attached Storage (NAS) device that stores critical data locally on your network, and backs it up into the cloud periodically. It backs up just critical data, usually not all your data.

There are other hybrid cloud storage services like Egnyte, Nirvanix, StorSimple, and Barracuda Networks Back-up Service, and probably many more to come because concerns about cloud data security and having assurance that you have control of your critical data don't seem to be going away.

We'd love to hear what your concerns are and also what solutions you've found. Share your experiences in the comments below.

Image: Cloud security from Shutterstock

  • Honestly, this is my greatest fear when it comes to storing data in the cloud. One day, all my information is at my fingertips. Life is great. Next day, all my data is suddenly gone without warning.  Catastrophe.

    Hi Everyone. My name is Yann. I'm an Internet professional with a Cloud Phobia.

  • I agree with Yann as someone responsible for network and therefore data security and backup. Working as I do in Ethiopia another concern is the availability of data 'in the cloud' if the power goes or there are problems at Ethiopia Telecom (the most frequent reason they give for service breaks is rats eating the cable!). Put your data 'in the cloud' but if it is critical keep a local copy.

  • This is one of the reasons I setup and have my customers use CloudPockets.com. It provides for both a local, and cloud backup.

    If you are Canadian based it has the added benefit of storing your data in Canada, not in the US where it is subject to US security and privacy laws.

    Disclaimer: I am an owner of CloudPockets.com

  • Technicalguy,

    Just curious, any plans in the works to offer charities a discount of some sort on Cloudpockets.com?

    -jim

  • Haha, Yann, I wish I could "like" your post.

    I'm a fan of the 2x2x2 rule, but that's easier said than done. I worked in a teeny office (with no IT staff) that had a server with backup tapes that would literally electrocute people if they touched it without touching the wall first. LOL And the backup tapes often didn't work or complete the backup.

    So we used Jungle Disk and the backup tapes with the server and rotated the tapes between houses regularly. But we were always concerned about a set of tapes getting stolen from someone's car and what client data could go missing as a result. But we were too paranoid to ONLY rely on the cloud, so we did both.

  • I'm another who works across international boundaries and we have simply given up the use of cloud services because they are so reliant on local telecoms (so fragile in less developed and disaster prone parts of the world), and similarly so reliant on the whims of corporate Cloud providers. Yes if they go bust you do not have a leg to stand on... particularly at this time of global economic turbulence.

  • I'm surprised by the omission of Microsoft in the list of hybrid cloud providers above. The current version of their server software products (OS, email, database and web content management) are available to non-profits via Techsoup and are designed to support a hybrid cloud (they actually power Microsoft's own cloud services). In addition, Techsoup also has Office 365 subscriptions available which include a suite of cloud services in addition to the Office software. Office 365 integrates with a hybrid cloud, allowing users to use both on premise and cloud-based services. In regards to storage and having data stored both locally and in the cloud, I would like to see the StorSimple products available to non-profits via TechSoup. StorSimple products automate hybrid storage in a very nice way but at a higher cost.

    PS: I am a Systems Administrator for a non-profit organization and not affiliated with Microsoft in any way.