The big news a week or two ago was that shutdown of cloud storage service Nirvanix. The company, a San Diego-based vendor that had raised over $70M over the past six years, sent customers an email giving them two weeks to migrate their data elsewhere. As could be expected – there were significant cries from the general punditry – this is a terrible move for customers, and is bad news for the cloud industry generally. Personally I think there is far more to this story than meets the eye and I suspect that over time we might get a better perspective on what really went on within the company. however in the meantime there are some things to think about that fall out of this news.
It seems to me that there are two distinct learnings from this news – one relating to due diligence and one relating to core architecture. let’s take the easy one first
Do Your Homework!
The move to the cloud is an awesome thing – more flexibility, more focus, the chance to abstract non-core operations out to third parties – all the benefits we’ve been talking about for years. But with those very real benefits come some risks. Not risks that means we shouldn’t use cloud at all, but risks that mean that the due diligence process is more robust than ever before. Things enterprises need to think about during DD include:
- Who is this vendor? Are they well funded and secure Will their business exist tomorrow and into the future? How much downstream damage would there be if they vanished into the ether?
- What are their SLAs? Is there an escrow agreement which covers the data in the event that they cease operations? Is there an agreed export model in the event that you want out? Is there an agreement in terms of notice periods?
- Do they have pre-existing arrangements with other parties that could help in the event that they go out of business
Now in the case of Nirvanix, it’s possible that DD wouldn’t have uncovered issues – they were well funded, a “mature” player and had enterprise SLAs in place. But maybe their customers, given hindsight, would have been wise to negotiate hard for data escrow provisions or some other protections.
I love the cloud – it has changed the world for the better and delivers massive opportunities for organizations. But with it comes some risks – we’re increasingly prepared to trust that our data, stored in third party locations, will always be accessible. But how realistic is this? Perhaps the onus is on us as customers to ensure that there is always a “Plan B”. Maybe we need to think about data storage in a hybrid way. Perhaps by using solutions that backup our data onto either another third party or to our own local storage (and yes, I know that will sound like heresy to some).
Fundamentally, customers need to stop and think about what happens to their data when they only have one storage provider and that storage provider has a major outage, or worse, goes out of business?
A Third Way
OxygenCloud is a vendor I’ve been covering for a few years now. They’re a small outfit and that might possible ring alarm bells when it comes to due diligence. but that said they have an approach that can both overcome what they lack in size, but also answer the core concerns about reliance on a single vendor.
OxygenCloud calls themselves a storage broker – what this means is that they allow customers to use one or more different storage providers – be they cloud, on-prem or a combination. Perhaps a customer wants to store data on their on-prem cloud but to sync onto Amazon S3 – this is where Oxygen comes in. Oxygen connects the “Oxygen Drive” to customers choice of storage, and creates a secure container between each client and storage backend. Behind the scenes, Oxygen directs reads and writes between the client and storage. It’s a similar approach to other vendors and one which flies in the face of the “pure cloud” vendors such as Dropbox and Box.
I reached out to OxygenCloud who’ve actually helped customers migrate from Nirvanix – one example in particular caught my eye, Fonville Morisey Realty had 1000 users and a significant amount of data in Nirvanix – they were able to migrate from Nirvanix quickly and, more importantly, put in place a structure whereby their data is stored in multiple locations at once – giving them the certainty in the case of one particular vendor falling over.
Reliance on a single vendor is problematic, this is even more the case when the vendor in question is a small operation. Organizations need to think long and hard about their due diligence processes and also about the fundamental way they think about data storage. While a hybrid approach towards storage might not be as sexy as pure-play cloud, it brings a real level of protection to customers. The other real impact that a hybrid approach brings is that it allows organizations to use “commodity” storage services without fear. The large storage vendors have long stressed that only a “trusted enterprise vendor” can deliver the certainty that customers need – by using a hybrid approach, customers can gain that certainty, while at the same time using lower tier (read cheaper) providers.
Hybrid storage brings the same model to storage that cheap commodity servers has bought to data centers – it’s an idea whose time has come and solutions like OxygenCloud make it easier than ever before.