The cloud services market has ridden a wave of hype for a couple of years now, and user acceptance is rising across many of the offerings.
It promises businesses a new way of servicing their ICT needs. It means businesses don’t have to commit to building massive amounts of ICT infrastructure that may become stranded as their computing needs wax and wane to meet internal (corporate) and external (client) demand.
In 2013, cloud services started to deliver practical outcomes. Large cloud service providers such as Amazon Web Services, Salesforce, Google and Windows Azure are attracting a broad spectrum of users.
Some companies may be 100% committed to a cloud service from day-one of their business commencing. They’ve made a conscience decision to model their ICT delivery purely on cloud services.
But you may be wary of the market as there are quite a few issues to address before depending on someone else to deliver your company’s ICT services. Think security, compliance, standards, sovereignty, performance, commercials, management and control, just to name a few.
For many, these issues and others have been managed in-house, meaning there’s deep knowledge of how to manage them and their associated risks within their company’s corporate governance structure. So if you opt for some type of ‘as a service’ in the cloud, you’re well and truly trusting a third party to deliver the equivalent of your in-house model.
The concerns are valid given the fate of some cloud service providers
Well, we’re now starting to witness real-world failures. For example, in 2013 cloud storage provider Nirvanix failed due to cash flow problems, not technical problems.
This gives companies a clear view of how exposed they may be, not just because of the service provider’s failure, but also because of the many issues that have to be addressed to extract themselves from the failure and keep their business operating normally.
Here is a US-based cloud service provider, supposedly well financed (initially at least), which was unable to compete in the market with the larger players that have larger buckets of cash to draw on and so regulate their cash flows.
It wasn’t a failure of security, technical performance or lack of standards that brought down Nirvanix. It was financial failure.
Yet this type of failure — in any type of business — isn’t new. ICT users have had to deal with the loss of products, services and suppliers, and so re-adjust their operations.
Did the users of Nirvanix conduct due diligence of the financial stability of the company before committing themselves to the service? Probably not.
Once you commit to a cloud data storage provider, moving your data isn’t easy
Users of this storage as a service had very little time to retrieve their data before the servers were switched off. Some users had terabytes to move.
If you 100% rely on such a company to store your data, then in the event of failure you likely can’t fall back to your own enterprise for storage. It’s probably been resized for a smaller role.
You’d have to scramble to find an alternative service provider and, within the limited time, appraise the risks, negotiate the commercials, execute an agreement and then transfer the data. Not exactly an ideal way to conduct business.
Mind you, other cloud data storage providers stepped up as ‘white knights’ to assist Nirvanix clients to migrate to their services. There’ll always be winners from any disaster.
Due diligence and contracts are important, but have a fallback plan
A cloud service provider’s financial structure, its position in the market, its core business and its business strategy present real risks to any company using the service.
The Nirvanix failure, and the timeframe given for users to remove their data, presents dilemmas for those considering cloud services. This event does seem to have been a lesson learnt as there is more talk in the market of governance, risk and compliance.
When developing the business case to move an ICT service into the cloud, ensure that it hasn’t been biased by technical drivers alone, as all too often the technocrats take charge without adequate commercial analysis. Even an escrow clause isn’t going to ameliorate the effort and time it would take to migrate your data to a new provider.
Nirvanix no doubt looked like a safe bet in the beginning. But market forces ran over it.
This cloud service failure clearly highlights that all cloud users need a disaster recovery plan. They can fall back to their own enterprise infrastructure or they need to have a plan for switching service providers.