Danger signs: Now how secure does the cloud look?

There are service outages, and then there are service outages. T-Mobile customers who carry the Sidekick smartphone are learning the hard way that there's a major difference between having no access to a service for a little while and losing every contact, calendar entry, and related shred of personal data they've got.

In the not too distant past, Google, Twitter, and Facebook have all experienced basic, quaintly simple service outages. Despite the headlines and general chaos associated with each incident, the bottom line impact was never all that onerous: When service returned, so did their users' data. For the most part, users were given an easy excuse to take a few hours off. And with the exception of Google's subscription services, most were free, so folks couldn't argue that they weren't getting their money's worth.

More than a free service

Microsoft's experience isn't turning out as charmed, and it wouldn't surprise me if some of the folks behind its 2008 purchase of Sidekick maker Danger might be rethinking the $500 million deal in the wake of last week's worse-than-usual outage. When service was restored and countless users (Microsoft and T-Mobile still aren't fessing up to actual numbers) realized their devices had been wiped clean, Microsoft was forced to release an unprecedented mea culpa admitting data had been lost and would in all likelihood not be recovered. More embarrassing for the companies involved, Microsoft implored users to keep their batteries in place and avoid resetting their devices or allowing them to lose power.

Carmi Levy: Wide Angle Zoom (200 px)However you slice it, this is not a happy place for anyone. While it's easy to assume Microsoft's and T-Mobile's customers are the real victims here, the sad truth is these very clients shoulder at least part of the blame for losing their stuff. It may sound harsh, but users who rely so heavily on a vendor that they neglect to implement their own disaster recovery plan shouldn't complain too loudly when said vendor drops the ball. Although in this case Microsoft and T-Mobile were accountable for the service itself, data ownership always resides with the customer. While the peculiarities of the Sidekick dictate that much of the data resides in the cloud, end users remain ultimately accountable for their information.

Sadly, many of them are learning a hard lesson about the value of local syncing. Whatever mobile device or OS you're using, this should be a wakeup call if you're not doing the same.

A cloudy question

This debacle doesn't just force this particular service into question. More ominously, it challenges the very notion of cloud-based services at a time when their takeup rate is accelerating. The fundamental trust that we have in such services -- that a provider that specializes in large-scale deployments like this could absolutely never lose our precious data -- has been thrown into question. Suddenly, keeping things stored on our rickety old hard drives, or at least backing them up there, may not seem like such a bad idea. Any way you slice it, it's a backward step in the march toward the cloud.

To its credit, Microsoft is doing everything it can to make the best of an unfortunate situation. It's apologized for losing customer information, it's scrambling to recover what it can, and it's offering up a free month of data service. While customers who have lost it all may disagree, this is a textbook response to this kind of situation. And as the vendors involved strive to save whatever face they can, it's fair for current and prospective customers to feel burned by a service whose monthly subscription fees implied a certain trust relationship. More than a free service like Twitter, which when it inevitably goes dark users can simply shrug their shoulders in response because they're simply getting what they've paid for (namely, nothing), a service like T-Mobile's that comes with a monthly bill can't simply rely on shoulder-shrugging users when the worst happens.

Thunder cloud (Photo credit: Carmi Levy)

[Original photograph by Carmi Levy]

A case of bad timing

All this must weight heavily on Microsoft as it prepares to release its core cloud-based environment, Windows Azure Platform. While Microsoft was hardly involved in the architecture decisions made years before it acquired the Danger unit, the brand association is anything but positive as Microsoft takes its biggest step yet toward a Web-enabled services model. Convincing customers still comfortable with the notion of physical servers in tangible data centers that they should toss their data into infrastructure owned and managed by some unseen entity just got a lot harder.

Google, Salesforce.com, and other cloud-based vendors -- free or not -- are doubtless also feeling Microsoft's pain, because they all know full well that this kind of thing can happen to them, too. The industry clearly has a long road ahead of it as it seeks to balance the compelling capital and operational advantages of Web services with the never-ending need for customers to take an active role in securing their data.

That road will be difficult indeed if vendors ignore the need for this form of partnership. Despite their passion for making their new generation of Web-based services as worry-free as they possibly can, no amount of technology can ever remove the need for personal and corporate accountability from the equation. Vendors that market themselves as the answer for customers who can't be bothered to pay attention to their own data need a not-so-slight attitude adjustment.

For their part, customers also need to begin challenging cloud-based services vendors with specific questions revolving around how data is secured, backed up, and restored. Before signing on the dotted line, they should ask about what tools and processes the vendor makes available for customers to self-serve their own backups. Even if it's as simple as a basic export to a .CSV file, with the right support from their vendors, customers can set up automated processes that ensure they can keep going even if the service itself does not.

Vendors that don't help customers help themselves will be quickly eclipsed by those that do. And when the worst happens and a vendor-caused meltdown takes data with it, customers that don't step up to the plate will have no one to blame but themselves. Welcome to the new reality of the cloud.


Carmi Levy is a Canadian-based independent technology analyst and journalist still trying to live down his past life leading help desks and managing projects for large financial services organizations. He comments extensively in a wide range of media, and works closely with clients to help them leverage technology and social media tools and processes to drive their business.

© 1998-2014 BetaNews, Inc. All Rights Reserved. Privacy Policy.