Take ultimate responsibility for cloud, users warned amid Nirvanix closure

The sudden demise of cloud provider Nirvanix must act as a wake-up call for end users in planning exit strategies when contracting cloud services

American private, hybrid and public cloud services provider Nirvanix has advised its customers to move data off its services before September 30 when it shuts down. The closure should serve as a wake-up call for end users when contracting for cloud services as well as propel them to plan exit and migration strategies right at the onset, experts have warned.

Last week the ailing cloud storage provider advised customers to stop uploading first or second copy of data onto its platforms and urged them to migrate it to other public cloud providers such as Amazon S3, Google Storage, Microsoft Azure or IBM-SoftLayer.

The company’s confidential email to customers warned them about its closure giving them two weeks to move data off its cloud.

The company plans to close two or three datacentres it has leased in the US, Europe and Asia. Other Nirvanix datacentres will be used to pull data out of the systems.

The company has a programme called Direct Connections to help customers migrate data using LAN or the internet. But Forrester’s senior analyst Henry Baltazar has warned that even over large network links it could take days or even weeks to retrieve terabytes or petabytes of data from a cloud. 

“If you used Nirvanix for third or fourth duplicate copies you need assurance that data will be destroyed. If you used it for primary data you need that data back, and that is no trivial task right now,” said 451 Research Group’s analyst Simon Robinson in a Computer Weekly article.

“The whole scenario is clearly also a big blow to the cloud storage model, since it apparently validates fears over the risks of handing your data over to a third party,” Robinson said.

Launched in 2007, Nirvanix was struggling to compete with giant public cloud providers such as Amazon, Google and Microsoft on price points.

Meanwhile the not-for-profit industry body, Cloud Industry Forum (CIF), said that enterprise customers must ensure they have achieved contractual clarity for service delivery and with regards to how a relationship formally ends at a practical level, regardless of cause of the termination.

The cloud company’s closure is not dissimilar to UK datacentre 2e2’s closure earlier this year. 2e2 asked its customers for nearly £1m in funding if they want uninterrupted services and access to their data.

“Offering a mere two-weeks in which to migrate customer data from their servers, Nirvanix have essentially hung their customers out to dry,” said CIF founder Andy Burton.

But end-users must take steps to mitigate risk and assume ultimate responsibility, Burton warned.

Three main areas where users must focus, according to CIF

  • Contracting

A careful review of the contract and SLAs should highlight the extent to which the customer has any meaningful remedy if the service levels are not met and should enable them to take measures to minimise losses or disruption in case of failure. Clarity will be needed to understand how the service is delivered and who is accountable and liable for service delivery, including post- termination timescales and data recovery. 

  • Contingency

Whilst a CSP can be held accountable for a breach of contract or a service failure, the end user still needs to be clear on what their operational remediation plan is. The absence of one is a critical flaw in any sourcing decision whether the solution is delivered on-premise or in-cloud. Buying a cloud service is no different to buying any other IT solution, if it is a critical part of the business operations then appropriate business continuity/Disaster Recovery (DR) plans need to be in place. Be prepared!

  • Certification

In order to drive up best practice and standards in the industry, certification schemes are evolving which champions professional CSPs seeking to build demonstrable trust in the supply chain by providing transparency and clarifying accountability in their approach to market. Whilst it is no guarantee of future performance, participation by a CSP in a certification scheme does show a more prepared and conscientious approach to service delivery that customers can take comfort from.

The sudden closure of Nirvanix should serve as a necessary reminder for end users to seek contractual clarity and reassurance from CSPs (cloud service providers) to understand how a service will be delivered, where and how the data is stored, the minimum notice they will have to move data to another provider is, what format the data will be provided back and what costs will be incurred (if any) to retrieve their data, he said.  

Customers must always seek clarity on how the service will be delivered, who is accountable and liable for which aspects of service continuity, and ultimately what is the process and timescale to disengage and move data in a planned or forced termination, added Burton.

 “When it comes to procuring cloud services, caveat emptor still applies today. Whether buying direct online or via a third party it is essential that an organisation can establish confidence in the service provider and be confident in both its expectations and experience throughout the life of a contract,” he said.

The industry body also urged end-users to take stock and always maintain overall governance of how IT is delivered, and therefore to always assume and maintain ultimate responsibility for decisions they make either on-premise or in terms of adopting cloud services

But CIF also called for cloud service providers to “act honourably”.

“CSPs have an opportunity to achieve competitive advantage by being straightforward and transparent about their business practices and processes. Clarity of obligations, service levels, service options and issue resolution will positively reduce risk for end users in making their supplier choice decisions,” Burton concluded.

Exit strategy -- a crucial aspect of the cloud contract

A European virtualisation and cloud expert Ruben Spruijt advised enterprise customers that it is crucial to consider the “exit strategy” right at the time of entering into a cloud contract.

Forrester’s Baltazar adds that in addition to planning an exit strategy, customers should also plan migration strategies as they formulate their cloud storage deployments.

“One of the most significant challenges in cloud storage is related to how difficult it is to move large amounts of data from a cloud,” Baltazar said. 

Gartner too has been advocating the importance of cloud exit strategies to clients for some time and has published a titled, “Devising a Cloud Exit Strategy: Proper Planning Prevents Poor Performance.

“I’m sad to say however, that compared to many other Gartner research documents, this document has not seen nearly the amount of demand or uptake from our clients,” Gartner’s research director Kyle Hilgendorf said on his blog

“Why is that?  I suspect it is because cloud exits are not nearly as sexy as cloud deployments – they are an afterthought.” 

“If you are a Nirvanix customer, it’s too late to build a strategy. Get as much of the data as you can back immediately,” Hilgendorf said.

“If you are a customer of any other cloud service – take some time and build a cloud exit strategy/plan for every service you depend upon. Cloud providers will continue to go out of business,” he further warned. 

Read more on Datacentre disaster recovery and security