Q&A: What happens when your cloud bursts?

Steve Prentice, vice president and fellow at research firm Gartner, reminds organisations not to rush into cloud service agreements or trust any third party provider with mission critical data and applications without following appropriate risk management procedures.

What is the probability of a major Cloud service provider failing?

Prentice: We are not trying to say that Google, Amazon or Microsoft are going to fail, and the probability of any individual cloud provider failing is in fact very low. But if we have learned anything, it is that no company is too big to fail: it could happen. And as more companies use cloud services, more cloud providers will emerge and, as with any industry, a percentage of those will almost certainly fail. It is just a question of trying to spot which one – some are more susceptible than others.

What is most likely to cause that failure?

The scale and speed of growth means it will become a very competitive market, and how do they make money?. In the early days, many cloud providers are on a wing and prayer because they are not able to invest in enough capacity to handle the peaks and do not have enough customers to handle the troughs. As they mature, it gets easier for them, but then they face the prospect of falling victim to merger and acquisition (M&A). The buyer may want 80 percent of the company, but is happy for the other 20 percent of customers to go somewhere else, for example.

What are the consequences for failed providers’ customers?

The moment that server stops spinning, the service is turned off. If a company relies on a cloud provider for an enterprise resource planning (ERP) system for example, and that supplier is no longer there, the ERP system is no longer there either. It is nice to think that your data will be well protected when those servers are closed down, but that is not necessarily the case. It might just sit there for somebody else to find, or worse get corrupted or trashed – there is no guarantee it will end up safely in the hands of the service provider to which you choose to switch.

What can customers do to mitigate the risk of being left high and dry?

All the usual risk management procedures – Escrow type agreements, due diligence, making sure the contract can be renegotiated if there is an ownership change, and just investigating the cloud provider’s financial circumstances beforehand. This is not rocket science, it is just normal business. The difference is that the cloud is so hot right now, and everybody is getting so hyped up about the prospect of reducing their capital and operational expenses, they think everything is going to be wonderful and it is just going to work. Occasionally, things will go wrong, and it is important to know what will happen next if it does.

Is this likely to deter some companies from putting their IT infrastructure into the cloud?

There will always be some IT departments that want to keep things in-house, and this will be an additional excuse for doing that. But the excitement of the new, and the lure of cost savings will mean while many will not sweep it [the prospect of cloud service providers failing] under the carpet, they might not pay it the attention it deserves. The reason most people are not doing the cloud is because the services they want are not there, whilst smaller companies that do not have their own data centres are unlikely to build them from scratch.

Is in-house IT service provision any safer?

People can be poor at perceived risk: can they really say that something that is outside the organisation is not safe, and something which inside is? Not every internal datacentre is safe, whereas the datacentre for cloud providers is mission critical – it is all they do.