In 2016, as more software moves into the cloud to deliver browser based access, we have seen a few examples of “big name” providers experience frequent and lengthy outages and this should lead to a conversation about stability and accountability of their cloud.
While we tend to think of all cloud based software as just storing our data in the cloud, the truth is that it has to live somewhere. This could be a physical data centre here in Australia, in the USA, or somewhere in Asia.
While many Software-as-a-Service offerings claim to offer similar functionality, in the background not all things are equal. Many software companies outsource their cloud needs to third party data centre infrastructure vendors like Microsoft (Azure), Amazon Web Services (AWS) or Google. This can be convenient and low cost for the cloud software provider you’re dealing with, but it begs the question of not only data security and sovereignty but how much control and accountability do they really have over the cloud platform they are selling you.
You need to know whether your cloud software provider is itself outsourcing to a 3rd party data centre infrastructure vendors as this can increase the complexity of your contract, especially if you are trying to determine who is responsible for which action, where is your data and who now owns it and can access it. If your cloud software provider is outsourcing make sure your contract obligates them to do the following:
- Identify any functionality that is outsourced and name the third party.
- Require any third-party vendor to abide by the same security policies and procedures that apply to the cloud vendor's employees.
- Have business continuity plans in the event that the third-party vendor fails.
- Take direct responsibility for all aspects of complying with the terms of its contract with you.
Once your data uploads into the cloud do you still own it? It’s worthwhile checking the fine print of your cloud provider as some retain the right to use your data as they wish, or sell it onto third parties.
Make sure you choose a provider who has been around for a while and has tried and true processes in place.
A few years ago storage provider Nirvanix announced they were going out of business and customers had to get their data out, fast. Some customers were able to get their data out and to safety, while others weren’t so lucky.
While a brand new Cloud Provider may have some amazing deals and offers, there is always a risk that they will collapse, and for some there isn’t even a warning.
Location is a really important factor for Cloud storage. Remember that although it’s called the Cloud, there still needs to be some a physical location with servers storing your data. These are called Server Farms and more often than not, are located in countries that have low operational costs and lax laws around privacy and data sovereignty.
Different geographical locations can be more susceptible to natural disasters, an unstable political landscape or intrusive privacy laws. It pays to know where your data is living.