Cloud backups: Where's my get out of jail card?
Quis custodiet ipsos custodes?
If you have bought into the cloud that is a problem for you. The continued existence of a cloudy service depends entirely on economies of scale. If you have become dependent on a service that is not meeting the needs of enough people to keep the numbers up then your business could end up getting Google Readered.
I acknowledge that there is some value to BaaS as a solution to the badly designed other-things-as-a-service problem, but more research needs to be done. A BaaS vendor is highly unlikely to run that service on its own hardware. Most likely it runs a virtual datacentre on one of the major public cloud vendors.
If you use Amazon's EC2 and feel a need to seek out a BaaS vendor to cover your proverbial, said backup vendor might well be hosting its outfit on Amazon's EC2. I am not entirely sure how that is useful. It gets more complicated when looking at SaaS vendors.
It does not take a certified nerd to grok that Office 365 runs on Microsoft's cloud and Google Apps runs on Google's cloud. Off the top of your head, where does Salesforce run? Spanning? Your favourite cloudy mobile device management provider?
Even if you go to all the trouble of using an S+BaaS approach it still might not save you. The public cloud looks far from simple and seems like it still requires thought and planning to implement.
Who is the owner?
None of this addresses vendor lock-in concerns. There is really nothing except bad PR preventing an American cloud provider (and let's face it, most are American) from simply not letting you download your data. Data ownership is a fuzzy concept in the US. End-user licence agreements can be magic get-out-of-jail-free cards for corporations in some states, effectively worthless in others.
A SaaS vendor could cheerfully decide that it will allow partner vendors to provide backup services on condition that the partner only allows you to restore that data back into the SaaS vendor's cloud. You can have as many copies as you want, you just can get access to the data in those copies in a manner that would allow you to migrate to a different SaaS vendor.
While to my knowledge nobody has actually tried this yet, the cynic in me says that is only a matter of time. What is the difference between a SaaS vendor with "limited (or no) API support" and a vendor locking your data in for eternity?
Vendors can also try the terms of service approach; how many times have image companies tried copyright land grabs that would have given them ownership of your photos?
That is why I dislike the idea of cloud services I can't control. I am happy to let a vendor stand up an application on any random public cloud and sell it to me, but we can't even begin discussions until I can download that data to a backup application that I control.
If I store those backups online, I need to be able to store them with trusted managed service providers to ensure my data is at all times only under the laws of my own nation.
The modern backup vendor must be increasingly cloud aware, as must we. It is too easy to use public cloud service. Click here, tap there and suddenly your business could become totally dependent on something you do not have a handle on.
I hope this has got some of you at least thinking about your own backups. Are you sure they are working? Are you sure they back up all of your company's data?
There are plenty of considerations I have missed when putting this together so please take to the comments and add more to the discussion. After all, it is hard to be too careful about backups. ®
Sponsored: Global DDoS threat landscape report