This is a post by Dave Jilk, a long time friend, business partner, and CEO of Standing Cloud. While the words are his, I agree 100% with everything he is saying here. I continue to be stunned and amazed by both the behavior of our government around this and the behavior of “us” (companies and individuals) around their data given our government’s behavior. But Dave’s point is not only around the actions of government, but the broader risks that exist in the context of multi-tenant services that I don’t think we are spending enough time thinking or talking about.

While I was in Iceland a few weeks ago, there was a set of discussions driven by Brad Burnham of Union Square Ventures about trying to make Iceland and “Internet Neutrality Zone” similar to Switzerland and banking. While I have no idea if this is feasible, the need for it seems to be increasing on a regular basis.

I encourage you to read Dave’s post below carefully. While neither of us are endorsing or defending Megaupload, it’s pretty clear that the second order impact and unintended consequences around situations like the government takedown of it have wide ranging consequences for all of us. And – it’s not just the government, but mother nature and humans.

Suppose you live in an apartment building, and one day the federal government swoops in and takes control over the building, preventing you from entering or retrieving any of your belongings. They allege that the landlord was guilty of running a child prostitution ring in the building and, while you are not accused of any crime, they will not give you access to your property. They suggest that you sue the landlord to get your property back, even though the landlord no longer controls the property.

This seems like a fairly obvious violation of your rights, and it is unlikely that the government would be able to maintain this position for long. Yet this is exactly what it is doing in the Megaupload case, and in relation to the rather lesser crime of copyright infringement. Somehow – perhaps because of the pernicious influence of large media companies on the government’s activities – rights to your digital data are taking a backseat to any and all attempts to enforce the copyright laws. This is what the online community was trying to prevent with its opposition to SOPA/PIPA, and the government seems to have elected to implement a de facto SOPA by simply trampling on the Constitution.

While I could rant further about the government’s egregious behavior, let’s talk about the practical implications of this situation. The primary implication is that there is a new risk to your data and your operations when you use multi-tenant online services. Such risks have always existed: if you do not have both an offsite backup of your data and a way to use that backup then any number of black swan events could disrupt your operations in dramatic ways. Earthquakes, wars, power brownouts, asteroids, human errors, cascading network failures – yes, it reads like the local evening news, and though any one situation is unlikely, the aggregate likelihood that something can go wrong is high enough that you need to consider it and deal with it.

What this particular case illustrates is that a company that provides your online service is a single point of failure. In other words, simply offering multiple data centers, or replicating data in multiple locations, does not mitigate all the risks, because there are risks that affect entire companies. I have never believed that “availability zones” or other such intra-provider approaches completely mitigate risk, and the infamous Amazon Web Services outage of Spring 2011 demonstrated that quite clearly (i.e., cascading effects crossed their availability zones). The Megaupload situation is an example of a non-technical company-wide effect. Other non-technical company-wide effects might be illiquidity, acquisition by one of your competitors, or changes in strategy that do not include the service you use.

So again, while this is a striking and unfortunate illustration, the risk it poses is not fundamentally new. You need to have an offsite backup of your data and a way to use that backup. The situation where the failure to do this is most prevalent is in multi-tenant, shared-everything SaaS, such as Salesforce.com and NetSuite. While these are honorable companies unlikely to be involved in federal data confiscations, they are still subject to all the other risks, including company-wide risks. With these services, off-site backups are awkward at best, and more importantly, there is no software available to which you could restore the backup and run it. In essence, you would have to engage in a data conversion project to move to a new provider, and this could take weeks or more. Can you afford to be without your CRM or ERP system for weeks? By the way, I think there are steps these companies could take to mitigate this risk for you, but they will only do it if they get enough pressure from customers. Alternatively, you could build (or an entrepreneurial company could provide) conversion routines that bring your data up and running in another provider or software system fairly quickly. This would have to be tested in advance.

Another approach – the one Standing Cloud enables – is to use software that is automatically deployed and managed in the infrastructure cloud, but is separate for each customer; and further, it is backed up on another cloud provider or other location. In this scenario, there is no single point of failure or company failure. If the provider of the software has a problem, it doesn’t matter because you are running it yourself. If the cloud provider has a problem, Standing Cloud has your backups and can re-deploy the application in another location. If Standing Cloud has a problem, you can have the cloud provider reset the password for your virtual server and access it that way.

As long as governments violate rights, mother nature wreaks havoc, and humans make errors, you need to deal with these issues. Make sure you have an offsite backup of your data and a way to use that backup.

June 15th, 2012 Categories: My Investments Tags: backup, goverment, megaupload, PIPA, SOPA, standing cloud

http://blog.momekh.com/ Momekh

The solution on offer makes sense of course. But it feels like a never ending race. Maybe its just me.. .hmmm…
Mr.JeevesCRM.com

Business Continuity plan,i say!
http://petegrif.tumblr.com/ Pete Griffiths

This is a big deal. I completely agree.

It is related to the issue of encryption. There was a case recently wherein a US citizen was detained for his involvement with Tor.
http://www.facebook.com/liquene Alex Valli

Thank you. Although I understand you cannot declare more explicity the incredible hypocrisy behind the whole argument, I am surprised and positively impressed that you endorsed this position.
- http://www.feld.com bfeld
  
  Alex – I’m not totally sure what you mean. I read this twice and I’m tangled up in the second sentence.
http://www.3scalesolutions.net stevenwillmott

Great article – this is an important issue and doesn’t get talked about that much. However, much as like standingcloud (great service) – I really don’t think it solves the biggest chunk of the problem and ending the article just with that leaves a lot unsaid.

The implication is that you could take open source (or proprietary) software and obviously turn that into what are effectively SAAS apps that you control – but not need a SAAS vendor behind it. That works for certain things and is great in itself – but it doesn’t address the very large issue that many of todays SAAS apps don’t have available equivalent software + you don’t want the overhead of having to manage it yourself. Thinking even further, if they did provide you with the software you’d likely choke on the cost.

You could argue that it’s dumb to be pumping data into (e.g.) salesforce when this type of risk exists – and for certain companies it likely is a blocking factor – but the reality is that it’s unlikely that it makes sense to “undo” the move to SAAS multi-tenant for many.

So what’s the solution to those cases where there is no equivalent software? I’d say there’s almost certainly a business to be built around hosting only normalised data which can be used by many of these apps. That is – companies storing data locally or in another cloud system and then “granting” access (e.g. openAuth) to SAAS Apps vendors to use that data and push/pull from it. I.e. the SAAS apps are a logical / view layer on top of data which could be hosted elsewhere.

The advantage is you have more control – potentially moving your data between multiple storage providers + have the ability to switch SAAS app vendor much more easily. It’s also easier to attach external BI system like gooddata. Many companies already do this – internally stage data before pushing/pulling to their vendors but it’s hard to organise and keep synced.

No doubt SAAS vendors would fight the trend (since it removes lock-in) but they could even be amongst the data storage providers, and in the long run the advantages are compelling. (It’s classic MVC – separate your data from control logic and views.).

Lastly you could ask what happens if legal threats are made to the data storage provider? this could happen of course, but it’s much less likely since they are unlikely to be doing crazy things + if the model is good enough they could indeed provide local mirroring and there would be a clear case for customers to get “their data” out should anything happen to the company.

If someone reads this and builds the company that does this, we’ll signup but I want 6months for free and a beer .
- Dave Jilk
  
  Steven,
  
  I did address the solution with SaaS briefly: the SaaS companies could do it or a third-party could do it – or both. Assuming the SaaS companies do not implement a solution, a third-party would have to select software that is *roughly* comparable and have a way to convert data into that software so that it could be used on an interim basis – and possibly back again. They would have to have an automated download/backup so that the data was reasonably current. There are different considerations for different degrees of “down” – for example, many companies could get by with a few hours of “read-only” on their CRM data, but ERP is a different story and anything more than a day or two starts to cause problems in anything. In that case you need some sort of two way interface, a feature limitation, etc.
  
  It would be fundamentally like a road that is under construction – not really in very good shape, but at least you eventually get through the cones and such. But it’s better than what one has now, which is downtime until the provider is available again.
  
  If the SaaS companies did it, they would face their own challenges but presumably they could charge for it. Many of them are not set up to have their software run anywhere but their own data centers and architectures. Their data is not structured to be stored separately by customer. Etc. – all the reasons they run as a service in the first place.
  - http://www.3scalesolutions.net stevenwillmott
    
    Hi Dave – I think that makes total sense. Hopefully over time some of the underlying data formats will standardise also so it becomes easier to move. I guess SAAS companies don’t necessarily want that – but for business continuity reasons it likely makes a lot of sense!
likethesky

Saw this article today:
http://www.theatlantic.com/technology/archive/2012/06/how-google-decides-googles-transparency-report-and-what-it-reveals-about-the-companys-role-in-the-world/258633/

Which caused me to think of your post here. Definitely food for thought.

Another article: http://www.firstpost.com/tech/googles-transparency-report-us-leads-the-censorship-brigade-349101.html

In case you don’t have time to click through, the FirstPost article has the following quote which sums up the gist of it:

“The US government filed 6,321 requests with Google for user data during the final six months of the year. That was far more than any other country, according to Google, and a 6 percent increase from the previous six months. Google complied with 93 percent of the US requests for user data, encompassing more than 12,200 accounts.”

Some more links:

http://www.google.com/transparencyreport/removals/government/countries/

http://googlepublicpolicy.blogspot.com/2012/06/more-transparency-into-government.html
hullsean

Right. Firms often ask me, in the cloud, where is my data? While a perhaps more important question is, if a subpoena summons the cloud provider, could it possibly draw my servers & unencrypted data into the net?
Pingback: What SaaS EHR Users Can Learn from the Megaupload Takedown | EMR and HIPAA
Pingback: xbox 360
Pingback: penis advantage review
Pingback: mike geary
Pingback: bumperstickerquotes.org
Pingback: penis advantage scam
Pingback: edu backlink service
Pingback: get a free ipad
Pingback: best led tv brand
Pingback: penisadvantage
Pingback: free xbox 360
Pingback: best portable dvd players
Pingback: the truth about abs review
Pingback: does penis advantage work
Pingback: Sharee Lemaster
Pingback: Abram Leipheimer
Pingback: cheap edu links
Pingback: hostgator 1 cent
Pingback: free ipads
Pingback: best 60 inch led tv
Pingback: penis advantage review
Pingback: cheap backlinks
Pingback: free xbox 360
Pingback: best portable dvd player
Pingback: Johnathan Bobson
Pingback: Gillian Boehringer
Pingback: Katheryn Silleman
Pingback: Alexander Braver
Pingback: Trinity Orea
Pingback: Parker Welton
Pingback: Barbie Duffer
Pingback: Ayesha Obiesie
Pingback: Cecile Gerson
Pingback: Michal Liukko
Pingback: Stefany Eberth
Pingback: Pedro Billet
Pingback: Deloras Oderkirk
Pingback: Roy Hequembourg
Pingback: Delphine Santangelo
Pingback: tao of badass review
Pingback: Flossie Zupancic
Pingback: Muriel Liversedge
Pingback: Johnnie Konzen
Pingback: Beverley Waldrep
Pingback: Celestine Gasse
Pingback: Willard Jaquess
Pingback: Paris Ludvigsen
Pingback: Arnulfo Aquas
Pingback: Florine Tatge
Pingback: Renato Holloman
Pingback: Edmund Rolf
Pingback: Malika Spiers
Pingback: Millard Alegria
Pingback: Shane Perham
Pingback: Roy Omeara
Pingback: Glinda Behymer
Pingback: Wilfred Andrada
Pingback: Staci Lerwick
Pingback: Lelia Lantgen
Pingback: Katherin Tipple
Pingback: Taisha Jolissaint
Pingback: Felecia Kolkman
Pingback: Tilda Zelman
Pingback: Mark Biro
Pingback: Micheal Ashbach
Pingback: Gilberto Bartolotta
Pingback: Clarita Mehtani
Pingback: Lelah Ising
Pingback: Jaqueline Emfinger
Pingback: Cherri Massoni
Pingback: Antony Ianniello
Pingback: Francisco Shindo
Pingback: Cheap Rolex
Pingback: Herma Heckers
Pingback: Cortez Bedingfield
Pingback: Arica Mccalment
Pingback: Aimee Bridenstine
Pingback: Manuel Simi
Pingback: Shellie Spitznogle
Pingback: Jesica Lamos
Pingback: Leonida Streets
Pingback: Julieann Lundell
Pingback: Frieda Hele
Pingback: Reginald Devon
Pingback: Carmine Chitwood
Pingback: Pierre Spanner
Pingback: Anton Fermo
Pingback: Paul Haider
Pingback: Janna Grothaus
Pingback: Chong Garmon
Pingback: Elvis Cassase
Pingback: Jonas Mullings
Pingback: Mercedez Kochert
Pingback: Billy Hettwer
Pingback: Bill Stomberg
Pingback: Merlin Geringer
Pingback: Marguerite Chugg
Pingback: Dong Serrano
Pingback: Katie Stacer
Pingback: Demetrius Vasaure
Pingback: Kent Yanez
Pingback: Star Dewees
Pingback: Stanley Malave
Pingback: Erik Soboleski
Pingback: Leigh Osorno
Pingback: Albert Pidcock
Pingback: Sol Yagues
Pingback: Laquanda Amos
Pingback: Brigitte Keithan
Pingback: Tia Clennon
Pingback: Cedric Gransberry
Pingback: Ervin Schwander
Pingback: Ophelia Salvesen
Pingback: Rubie Blette
Pingback: Beaulah Brickel
Pingback: Latesha Josiah
Pingback: Alonso Connoly
Pingback: Renaldo Seda
Pingback: Albina Villot
Pingback: Dwain Scaringe
Pingback: Milford Mcilroy
Pingback: Gil Trebilcock
Pingback: Verdell Ronne
Pingback: Sofia Edds
Pingback: Frederica Basista
Pingback: Ricki Gafanha
Pingback: Marc Kjellsen
Pingback: Autumn Coletta
Pingback: Sima Mcgirt
Pingback: cheap quotes for car insurance
Pingback: Hiram Pluhar
Pingback: Eugenia Medel
Pingback: Isaura Tenda
Pingback: Audrea Chon
Pingback: http://www.ctap8.com/groups/onlinelearningsurvey/wiki/5c622/Just_what_Every_one_Really_should_Find_out_about_the_Truth_about_Six_Pack_Abs.html
Pingback: http://media.wcu.edu/groups/hendersonadvising/wiki/4620d/Just_what_exactly_Every_body_Has_to_Learn_about_the_Truth_about_Six_Pack_Abs.html
Pingback: http://535013df.static.ziggozakelijk.nl/groups/kipodtouch/wiki/24479/Unlock_your_excellent_tunes_expertise_with_all_the_most_desirable_conquer_producing_software_applications.html
Pingback: Ossie Ulstad
Pingback: Steven Villnave
Pingback: Drema Chowenhill
Pingback: http://www.cerev.info/groups/testwiki/wiki/b040b/The_magic_of_creating_nearly_get_the_ex_back_again.html
Pingback: Bennett Chamness
Pingback: link building service
Pingback: Nathanial Camarena
Pingback: Isreal Pickette
Pingback: Katharina Turay
Pingback: Wilson Santorella
Pingback: Hubert Maccabe
Pingback: Xochitl Sabado
Pingback: Ok Popik
Pingback: Oscar Tenny
Pingback: Birdie Daoud
Pingback: Denisse Yamaoka
Pingback: Shanelle Scharler
Pingback: Dexter Lapari
Pingback: Kathlene Kudasik
Pingback: Jefferey Mattila
Pingback: Reagan Kolen
Pingback: Babette Lattig
Pingback: Keven Kolber
Pingback: Anthony Pickerell
Pingback: Antonia Debernardi
Pingback: Mohamed Hoyle
Pingback: Latrina Kachermeyer
Pingback: Jarod Colville
Pingback: James Levandoski
Pingback: Abe Ahrent
Pingback: Irvin Bingham
Pingback: Jackie Kuney
Pingback: Mary Pallansch
Pingback: Jene Greth
Pingback: Jule Grajek
Pingback: Migdalia Bartkus
Pingback: Sherrie Bainard
Pingback: Emilio Brackemyre
Pingback: Madalyn Uniacke
Pingback: Maryalice Amsdell
Pingback: Daniel Vigiano
Pingback: Albert Dado
Pingback: cheap auto insurance oregon
Pingback: Rickie Leva
Pingback: Desiree Abdi
Pingback: Kenda Strock
Pingback: Doris Sogge
Pingback: Shark Helmet
Pingback: Edwin Tarry
Pingback: Charles Bierlein
Pingback: Kourtney Thelen
Pingback: Tova Chapnick
Pingback: Verena Muma

Megaupload and the Future of Multi-tenant Services

Popular Tags

Categories