This week we got a great comment from a TechSoup member to our Cloud
Technology and the NGO Community blog post. It asked about cloud
companies going out of business and how secure data is in such cases.
vendors simply close your account without notice? What should nonprofits do
In our TechSoup
Global NGO cloud survey we found that people in nonprofits and libraries
are indeed concerned about data security in the cloud the world over. Cloud data security and privacy challenges
were cited by 27% of respondents as a significant barrier to cloud adoption.
probably will go out of business as the industry develops. OnLive, a popular cloud-hosted gaming
service, recently filed for bankruptcy.
The largest and most famous cloud
company shut down to-date was the case of the U.S. Federal Government shutting
down Megaupload for their illegal download activities. All their data (and
assets) were seized and impounded and customers were not able to get it back.
I’m not seeing a lot of this yet, though.
much more common to read about data breaches and disruptions that shut down a cloud
services for a period of hours or days.
Nearly all the major cloud vendor
companies like Google,
Microsoft, Sony, and Amazon have been hit by hacker attacks that have caused
Perhaps the most famous of these was the outage
of the Sony PlayStation Network that took down their cloud based
service for nearly a month in the spring of 2011 and affected Sony's 70 million
also possible to have your account accidentally deleted by a cloud vendor.
Facebook recently reported that it has an estimated 83
million duplicate or false accounts that it will be aggressively deleting.
What if one of them is yours? In February 2011 Google
inadvertently deleted 150,000 Gmail accounts due to an internal software
Most cloud services, however, promise 99% plus
uptime and large enterprise companies largely trust their critical data to
cloud vendors. What's a nonprofit to do?
I actually hate the first set of recommendations
I’m suggesting on this, but a sane and prudent person will do well to actually
read the terms of service for cloud vendors that you’re entrusting with your
critical data. If you don’t do that, then you might check out the British Terms of Service Didn’t Read website to see if
they've sussed out the gotchas that the major cloud providers have in their
While you're at it, have a look
at your prospective vendor's service
level agreement (SLA) and if you're paying for the service monthly, go ahead
and call them.
Ask them some hard questions like:
Find more of those due diligence types of ideas at Seven
Lessons To Learn From Amazon's Outage and Before You Choose a Cloud Computing
Vendor: 8 Questions. You can also read an article written by our director of information systems security here at TechSoup, Security in the Cloud, where he tackles some considerations for IT staff for working with cloud vendors.
interesting strategy to ensure data security is to look in to something called
hybrid cloud storage. Ed
Bott of ZDnet maintains that “if your data matters, you need a hybrid
strategy, with local storage and local content creation and editing tools. If
your local storage fails, you can grab what you need from the cloud. If your
cloud service fails, you’ve still got it locally. But if you rely just on the
cloud, you’re vulnerable to failure."
This is also what we've recommended in our disaster planning and recovery toolkit, The Resilient Organization: A Guide for Disaster Planning and Recovery. We recommend the 2x2x2 rule: Two sets of backup, held by two different people, in two different locations.
There are hybrid cloud
storage services out there that allow offices to house their data onsite in
their own computer networks and also have a portion of it or all of it in cloud-based storage. Probably the most commonly known service like this is Dropbox. This cloud service keeps a folder
for your data on your hard drive and also in Dropbox's cloud servers (which is,
in turn, hosted by Amazon S3).
Another example is TechSoup
Global's new cloud partner, npCloud, which operates
similarly. Its NPVault backup service uses a piece of hardware called a
Network Attached Storage (NAS) device that stores critical data locally on your
network, and backs it up into the cloud periodically. It backs up just critical
data, usually not all your data.
There are other hybrid
cloud storage services like Egnyte, Nirvanix,
StorSimple, and Barracuda Networks Back-up Service, and
probably many more to come because concerns about cloud data security and
having assurance that you have control of your critical data don't seem to be
We'd love to hear
what your concerns are and also what solutions you've found. Share your experiences in the comments below.
Image: Cloud security from Shutterstock
Honestly, this is my greatest fear when it comes to storing data in the cloud. One day, all my information is at my fingertips. Life is great. Next day, all my data is suddenly gone without warning. Catastrophe.
Hi Everyone. My name is Yann. I'm an Internet professional with a Cloud Phobia.
I agree with Yann as someone responsible for network and therefore data security and backup. Working as I do in Ethiopia another concern is the availability of data 'in the cloud' if the power goes or there are problems at Ethiopia Telecom (the most frequent reason they give for service breaks is rats eating the cable!). Put your data 'in the cloud' but if it is critical keep a local copy.
This is one of the reasons I setup and have my customers use CloudPockets.com. It provides for both a local, and cloud backup.
If you are Canadian based it has the added benefit of storing your data in Canada, not in the US where it is subject to US security and privacy laws.
Disclaimer: I am an owner of CloudPockets.com
Just curious, any plans in the works to offer charities a discount of some sort on Cloudpockets.com?
Haha, Yann, I wish I could "like" your post.
I'm a fan of the 2x2x2 rule, but that's easier said than done. I worked in a teeny office (with no IT staff) that had a server with backup tapes that would literally electrocute people if they touched it without touching the wall first. LOL And the backup tapes often didn't work or complete the backup.
So we used Jungle Disk and the backup tapes with the server and rotated the tapes between houses regularly. But we were always concerned about a set of tapes getting stolen from someone's car and what client data could go missing as a result. But we were too paranoid to ONLY rely on the cloud, so we did both.
I'm another who works across international boundaries and we have simply given up the use of cloud services because they are so reliant on local telecoms (so fragile in less developed and disaster prone parts of the world), and similarly so reliant on the whims of corporate Cloud providers. Yes if they go bust you do not have a leg to stand on... particularly at this time of global economic turbulence.
I'm surprised by the omission of Microsoft in the list of hybrid cloud providers above. The current version of their server software products (OS, email, database and web content management) are available to non-profits via Techsoup and are designed to support a hybrid cloud (they actually power Microsoft's own cloud services). In addition, Techsoup also has Office 365 subscriptions available which include a suite of cloud services in addition to the Office software. Office 365 integrates with a hybrid cloud, allowing users to use both on premise and cloud-based services. In regards to storage and having data stored both locally and in the cloud, I would like to see the StorSimple products available to non-profits via TechSoup. StorSimple products automate hybrid storage in a very nice way but at a higher cost.
PS: I am a Systems Administrator for a non-profit organization and not affiliated with Microsoft in any way.
This work is published under a Creative Commons Attribution-NonCommercial-NoDerivs 4.0 International License.
Close this window