What Do You Do When the Cloud Shuts Down? 203
jbrodkin writes "Can you trust your data to the cloud? For users of an online storage service called The Linkup, formerly known as MediaMax, the answer turned out to be a resounding 'no.' The Linkup shut down on Aug. 8 after losing access to as much as 45% of its customers' data.
'When we looked at some individual accounts, some people didn't have any files, and some people had all their files,' The Linkup CeO Steve Iverson admits.
None of the affected users will get their lost data back. Iverson called it a 'worst-case scenario.'"
Sell me data insurance (Score:3, Interesting)
Every year, I read the terms of service of a bunch of online backup services, but I have not found one that gives the provider any incentive to be careful. They say they have *no liability of any kind*. Why should I trust them?
I will cheerfully pay to insure access to my data, but nobody offers me insurance.
This is why backups are important (Score:3, Interesting)
A few years ago, I had my websites hosted at this one company, Digi-Wave. They were great for a few years, but suddenly their servers were down. For a week. Yes, I said a week. The servers came up again briefly before going down again, but in that brief span, I managed to backup my database and files. When I called their support line, I was told that their servers were infected with Code Red (IIRC, I know it was one of those IIS worms). I knew this was a bogus answer because the fix to Code Red infection was: 1) disconnect the machine from the 'Net, 2) reboot it, 3) apply the patch (possibly rebooting again), 4) reconnect to the 'Net. It shouldn't have taken them over a week to fix this.
Then they stopped answering support calls and their phone's inbox filled up until it stopped accepting recordings. By this time, I contacted my credit card company to get my money back and had made arrangements with another hosting provider. I was lucky to have retained my data. Many were not so lucky. And to add insult to injury, after Digi-Wave folded, another hosting company arose with a different name but the same contact information.
The moral of this story is to always backup. Because you never know when the cloud, your webhost, or even your personally owned and run server will go south and take your data with it.
Re:The critical flaw (Score:2, Interesting)
What's preventing a service that does encryption/decryption on the client side? Other than the lack of desire from the providers I mean.
I think there are several issues, and lack of interest from providers is actually among the least of them. Lack of interest from users is probably the biggest issue. Many people just don't care that much about the privacy of their data -- they either honestly don't care who sees their stuff, or don't care enough to be willing to expend any effort or time preventing it. Adding a well-designed encryption feature to a backup service would add complexity and expense, and if people aren't willing to pay for that (i.e. they don't care), it's not going to get added.
Some enterprise backup systems do offer encryption (and also offer non-cloud-based backup, for companies that want to keep everything on-site) so it's not as though it's never been done. You just don't see it on the consumer level that often, because consumers don't care enough about privacy to pay for it.
Also, a well-designed encryption system -- where the data was effectively lost if the user misplaced or lost their decryption key -- would probably lead to a lot of customer-service problems. Inevitably, users would upload data, not make a backup of the key (or make a backup and then lose it, or not store it off-site, or whatever), and then get upset when they couldn't recover their data from the backup service that they paid for. I've dealt with this sort of thing personally before; many users just don't get encryption. They find it inconceivable that you, as the god-like administrator, can't just open up an encrypted file on command when they lose their password. (I've had people literally accuse me of plotting against them or being insubordinate for not opening their encrypted files for them.)
So given that it would add complexity to the implementation to do right, isn't something that people are likely to pay extra for, and is likely to cause a lot of problems and expense down the road, it's not surprising that most online backup services either don't offer encryption or don't turn it on by default if they do. It's easy for knowledgeable users to add encryption to files before uploading them; just letting them do that is a lot easier than trying to explain to Aunt Millie why her vacation photos are gone because she wrote down her password on a piece of paper that was lost in the fire that destroyed her computer.
Re:Not a new problem! (Score:3, Interesting)
What do you do when your local computer shuts down? How about a server on your company intranet?
Well with the former I can pull the hard drive and shove it in a new machine and be at least trying to recover my data inside of an hour. With the latter, the systems team could be doing the equivalent inside of a day (as the servers don't tend to be in the office).
If my remote document storage/app server/whatever goes down, even transiently, there's nothing I can do until it comes back up (other than hope that it does come back up).
So yes, backups are your friend, but the situation isn't quite the same.
Re:Backups, backups, backups! (Score:4, Interesting)
I proposed an idea [halfbakery.com] like a P2P backup. Say you have some 20 GB you want to back up. You make 20 GB available on your system, and fire up a P2P backup program. You partner with people who want to backup also, trade backup space, and voila! You have a distributed backup system. It's all encrypted, so you can't get into other people's stuff on your system, and vice-versa. Periodically, the app checks to make sure that all your backup partners are available. If not, it starts negotiating a backup with a new partner.
Of course, you don't want to lose your stuff to a single host going down, you would have a ratio of 3:1 or 4:1 to make sure that you have high availability.