koya979 - Fotolia

What happens when cloud data is lost?

Everywhere you turn somebody somewhere is extolling the virtues of cloud computing, writes Tom Greenbank of international law firm Pinsent Masons.

Everywhere you turn somebody somewhere is extolling the virtues of cloud computing, writes Tom Greenbank of international law firm Pinsent Masons. 

The basic idea - that data and software are hosted remotely - has many benefits, but its reputation has just taken a serious knock.

Users of T-Mobile's Sidekick service got a taste of the downside of cloud computing this month when they went to their cloud-stored applications to find the data cupboards bare. All their photos, calendar entries, notes and contacts had vanished.

Though at first it seemed that their data was lost forever, Microsoft - whose technology is behind the system - says now that most, if not all customer data has been recovered.

This was no doubt painful and distressing for people whose only copies of beloved photos or vital information seemed lost, but consumer services are often run with a higher tolerance for error.

But what if the servers had held your corporate data? More and more companies are entrusting their data and processing needs to cloud-based providers.

The upsides of the cloud often include affordable monthly fees, rather than huge capital outlays, and access to bursts of massive processing power or storage as and when it is needed.

The Sidekick debacle offers some lessons for corporate customers. They should realise, just as Sidekick users have, that no operator is perfect. Just as your own IT department can lose data forever, so can an outsourced service. Major bugs or glitches you can't predict or prevent; what you can do is minimise the damage.

That is all to do with the contract you are offered when you sign up to a hosted service. The standard terms and conditions that accompany most cloud services are drafted heavily in favour of the service provider. That should come as no surprise. These agreements typically exclude all liability for the corruption or irretrievable loss of data, and they come with almost no guarantees. If the service fails, tough luck: you'll get service credits - ie, a few extra days of service for nothing - and that's your lot.

As many cloud services are provided free, or at a low price, small businesses are rarely in a position to negotiate better terms. They must take the standard offer or leave it. But if you are paying big bucks for the service, and especially if you are entrusting mission critical data to a cloud provider, there are risks that absolutely must be catered for in the agreement or managed externally using additional systems.

You are unlikely to persuade a supplier to guarantee compensation for a data disaster - but you can take steps to minimise the likelihood of a disaster and its impact on your business.

Find out how the service provider will protect your data from corruption. Microsoft made backups of the Sidekick data, but the failure wrecked the copies as well as the live database. A similar issue hit Magnolia, a website bookmark storage provider, earlier this year when its live database became corrupted. Magnolia's backup process dutifully kicked in and overwrote the only good copy of the data there was.

So be prepared to demand information on how backups are taken and how that data is checked for integrity. If you're not satisfied with the responses, negotiate alternative arrangements or walk away.

Also find out how you can retrieve your data from the service provider. You might want to move to a new supplier in the future, or your service provider might go out of business. Will your data be in a format that can be migrated easily to a replacement service? Answering these basic questions before selecting a provider can save great pain and expense further down the line.

There are many excellent cloud solutions available out there, but do not be tempted to put your trust in a name without assessing the risks in the context of your business requirements. It is not that you should expect something to go wrong - it is that there is a possibility of it going wrong, however slim. You don't want to be the one that has to tell your CEO that you signed the business up to a service with no safety net whatsoever.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.