Flickr flap illuminates cloud concerns
Briefly, a photographer used Flickr to store his pictures online – amassing more than 4,000 photos over five years. Being the helpful sort, he alerted Flickr to another user who was stealing content. Flickr deleted his account, by mistake and those pictures looked to be gone forever. Following a media firestorm, Flickr had a quick rummage and recovered his images.
But what if it had failed to find them? What recourse does the unfortunate user have? As I’ve told clients – and said in speaking engagements at industry events, weddings, christenings, birthday parties, and on street corners – you have none. If your data is deleted, corrupted, or exposed to anyone else with a keyboard and a screen, you’ll get limited comeback from your cloud provider.
Assuming you prove the problem was the cloud provider’s fault, you’ll get a sincere apology, maybe abject or even groveling. And they’ll mean it – they don’t want to lose customers’ stuff, because that’s bad for business. You’ll get a refund of any money you’ve paid – probably prorated – and maybe a credit toward future use.
This is layering on insult to injury. It is like having your liver removed because you ate tainted food, and then receiving a few cases of the same item from the food provider as compensation for your loss. It doesn’t make the customer anything close to ‘whole.’
Hey you, get on to my cloud
But the cloud providers can do little more. Put yourself in their place: you’re now Mr. Cloud, offering inexpensive storage space to users, and charging only for what they use at any given time. You have good practices, good employees, and a solid infrastructure. Can you possibly indemnify your users against any harm that might be caused by something that you can’t control?
As Mr. Cloud, can you guarantee that none of your dumb-ass employees might accidentally delete an important file? Can you afford to fight lawsuits brought by customers alleging grievous personal or business harm? You can’t.
Is there a technology solution to this problem? Maybe ... storage is cheap, and you can ensure you hold on to deleted files for an absurdly long time just to be certain the customer is really, really sure they truly want them deleted. There’s a cost to this; you’ll have to over-provision to beat the band, and it will cut into your margins and make you less competitive.
You have two routes open to you. The first is to offer your service on a “Hey, we’ll do our best to keep your stuff safe, but...” basis, where you make no guarantees.
This is how many cloud providers are operating today. Or you can take the route of the enterprise cloud providers, and negotiate comprehensive service level agreements with your customers. They’ll want assurances that your service will be highly available and highly secure, and that your employees won’t make mistakes.
The two of you will put all of the requirements on paper and also outline remedies in case there’s a problem. But it costs you money to provide this level of service, and you’ll find it’s damn hard to make it pay off if you’re offering a truly flexible, variable pricing menu. So you put in clauses with minimum and maximum usage to give your business some stability.
In searching around, you find a template that already has the language you need to protect yourself, and also gives your customers what they need in terms of service... What you’ve found is a hosting or outsourcing agreement – and those aren’t so new, aren’t so trendy, and aren’t all that cloudy either. ®
Sponsored: Customer Identity and Access Management