In the early morning hours of April 21, 2011, Amazon began experiencing networking problems with one of its East Coast servers. By the time New Yorkers were having their breakfast, these problems had ballooned into a full blown disaster for dozens of Amazon’s enterprise customers that depend on the internet giant for hosting and cloud computing services and, to the extent that it affects their bottom line, investors in such companies.
In the wake of Amazon’s network failure, many news outlets have projected the crisis as a failure of cloud computing itself. One of the pillars of the cloud, at least in the eyes of the public, is reliability. It is the belief that, like the internet itself, the cloud’s decentralized structure makes it more resilient and redundant than conventional computing. In relation to this tenet of cloud faith, Amazon’s own website states: “When one node fails, millions of other nodes pick up the slack. As a result, you gain all the benefits of an always-on and self-healing infrastructure, without ever having to configure or replace hardware.”
The belief that the cloud is infallible has been significantly weakened. Now, companies need to analyze, from a management perspective, the root cause of the Amazon service interruption and how to avoid such crises in the future.
There is no doubt that Amazon bears, and is in fact receiving, the majority of public and private censure for failing, as a result of a technical problem, to keep the relevant server facility up and running. It is also the fault of Amazon customers, however, for not mitigating their own risk. If you ask any responsible Chief Information Officer (CIO), he/she will tell you that a good disaster recovery policy is essential to ensure business continuity. For example, Bizo, a popular online marketing platform, was barely affected by the Amazon downtime due to reactive management and existing business continuity measures which it had in place. In fact, the majority of the companies that were paralyzed by the Amazon downtime were those with no business continuity plans in place or which had chosen to not pay additional fees for back-up, or parallel systems, in the cloud.
Two examples of Canadian companies, one public and one private, that have taken the message of business continuity to heart are OpenText and Bellin Treasury Services Ltd.
Based in Waterloo, OpenText, an enterprise software company, now offers a disaster recovery solution for telecommunications companies. The “Enterprise Content Management” (ECM) solution has a records management functionality which operates as a secure back-up of disaster recovery records which is accessible to specified group of customer team members and designed to make the disaster recovery process more efficient.
Based in Vancouver, Bellin Treasury Services, the North American subsidiary of a German treasury software company, offers its clientele the option to have their treasury software hosted within Bellin’s facilities. Rick Beecroft, President of Bellin Canada, says that Bellin has taken practical steps to ensure continuity of service for its customers: “In a nutshell, we hold our customer’s data in two geographically distinct data centres. Each these data centres are required to have a different risk signature.” In addition, Mr. Beecroft points out that the Amazon crisis may have been related to a lack of capacity in Amazon’s redundant arm (i.e. fail-over capacity), and that, several years ago, his company took the additional step of ensuring that the capacity of its fail-over centre is equal to its primary data centre.
Now that the cloud has lost some of its lustrous lining, companies will need to take a hard look at their disaster recovery policies. They should also review their existing SaaS agreements to determine remedies, and their enforceability, in the event of server downtime. At the end of the day, disaster recovery is more than just a legal and technical policy which gathers dust on someone’s desk, it is a pro-active attitude towards business continuity.
Timothy W. Murphy, LL.M, is a Vancouver-based technology and business lawyer. To contact Murphy & Company, call (604) 360-7014 or email: firstname.lastname@example.org
To read the article on the Cantech Letter, visit: http://www.cantechletter.com/2011/04/dont-blame-the-cloud-2/
This article is not legal advice and is not intended as legal advice. This article is intended to provide only general, non-specific legal information. This article is not intended to cover all the issues related to the topic discussed. The specific facts that apply to your matter may make the outcome different than would be anticipated by you. This article does not create any attorney client relationship and is not a solicitation.