Feeds

Flickr flap illuminates cloud concerns

Caveat emptor

High performance access to file storage

Briefly, a photographer used Flickr to store his pictures online – amassing more than 4,000 photos over five years. Being the helpful sort, he alerted Flickr to another user who was stealing content. Flickr deleted his account, by mistake and those pictures looked to be gone forever. Following a media firestorm, Flickr had a quick rummage and recovered his images.

But what if it had failed to find them? What recourse does the unfortunate user have? As I’ve told clients – and said in speaking engagements at industry events, weddings, christenings, birthday parties, and on street corners – you have none. If your data is deleted, corrupted, or exposed to anyone else with a keyboard and a screen, you’ll get limited comeback from your cloud provider.

Assuming you prove the problem was the cloud provider’s fault, you’ll get a sincere apology, maybe abject or even groveling. And they’ll mean it – they don’t want to lose customers’ stuff, because that’s bad for business. You’ll get a refund of any money you’ve paid – probably prorated – and maybe a credit toward future use.

This is layering on insult to injury. It is like having your liver removed because you ate tainted food, and then receiving a few cases of the same item from the food provider as compensation for your loss. It doesn’t make the customer anything close to ‘whole.’

Hey you, get on to my cloud

But the cloud providers can do little more. Put yourself in their place: you’re now Mr. Cloud, offering inexpensive storage space to users, and charging only for what they use at any given time. You have good practices, good employees, and a solid infrastructure. Can you possibly indemnify your users against any harm that might be caused by something that you can’t control?

As Mr. Cloud, can you guarantee that none of your dumb-ass employees might accidentally delete an important file? Can you afford to fight lawsuits brought by customers alleging grievous personal or business harm? You can’t.

Is there a technology solution to this problem? Maybe ... storage is cheap, and you can ensure you hold on to deleted files for an absurdly long time just to be certain the customer is really, really sure they truly want them deleted. There’s a cost to this; you’ll have to over-provision to beat the band, and it will cut into your margins and make you less competitive.

You have two routes open to you. The first is to offer your service on a “Hey, we’ll do our best to keep your stuff safe, but...” basis, where you make no guarantees.

This is how many cloud providers are operating today. Or you can take the route of the enterprise cloud providers, and negotiate comprehensive service level agreements with your customers. They’ll want assurances that your service will be highly available and highly secure, and that your employees won’t make mistakes.

The two of you will put all of the requirements on paper and also outline remedies in case there’s a problem. But it costs you money to provide this level of service, and you’ll find it’s damn hard to make it pay off if you’re offering a truly flexible, variable pricing menu. So you put in clauses with minimum and maximum usage to give your business some stability.

In searching around, you find a template that already has the language you need to protect yourself, and also gives your customers what they need in terms of service... What you’ve found is a hosting or outsourcing agreement – and those aren’t so new, aren’t so trendy, and aren’t all that cloudy either. ®

High performance access to file storage

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
European Court of Justice rips up Data Retention Directive
Rules 'interfering' measure to be 'invalid'
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Bored with trading oil and gold? Why not flog some CLOUD servers?
Chicago Mercantile Exchange plans cloud spot exchange
Just what could be inside Dropbox's new 'Home For Life'?
Biz apps, messaging, photos, email, more storage – sorry, did you think there would be cake?
IT bods: How long does it take YOU to train up on new tech?
I'll leave my arrays to do the hard work, if you don't mind
Amazon reveals its Google-killing 'R3' server instances
A mega-memory instance that never forgets
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.