What happens when your cloud provider goes out of business?

Going with cloud providers doesn't mean you can forget about disaster planning. What if they go out of business, taking your server capacity and data with them? 

 

There is no doubt that cloud computing is one of the greatest advances in IT on recent years. Regardless of the fears and uncertainty that many companies experience before moving to the cloud, the benefits that are realized once the move is made are simply too large to ignore. Cloud computing has enabled companies of all sizes and in all markets to speed up implementation times, to become more agile, and to optimize their infrastructure costs.While many cloud proponents (myself included) will often argue that a lot of the concerns that surround the cloud stem from nothing more than lack of knowledge and an improper understanding of the underlying technological issues, some concerns are not only valid, but should actually be taken into careful consideration when contemplating a move to the cloud. I’ve recently come across one such concern that I feel merits being explored in more detail: what do I do if my cloud provider goes out of business?

 

Disappearing resources

On the cloud, you don’t actually own anything; you are “renting” the resources you are using, for however long you want to use them. It doesn’t matter if these resources are virtual machines, storage space, databases or even software, they are only available to you for as long as you are paying for them, or for as long as your provider stays in business.
What happens, then, if your cloud provider goes out of business? If we actually think about it, this is not a strange question to ask. The cloud is still a growing and new market, with plenty of new entrants and small players offering their services. As the market matures, it’s only natural that some of these companies disappear either by being purchased by others, or simply by going out of business.
Interestingly enough, this problem doesn’t really exist on the conventional IT market. In the case of conventional hardware, you actually own whatever hardware you purchase, so even if the manufacturer goes out of business, you still have the equipment, and can keep using it. In the case of software, or higher level services, contracts will usually specify that license holders receive a copy of the source code in such an event.
On the cloud, such assurances don’t exist, and probably don’t even make sense in the first place. If the company that provides you with cloud servers goes out of business, your servers are gone; if your cloud storage provider goes under, your data will probably going along with them. Let’s take the example of a cloud data storage service further: if your systems are deeply integrated with your storage provider - very likely, in this age of rich APIs and automation - and that provider shuts down, it may be close to impossible to migrate your data, even if you have a grace period.

Avoiding disaster

Is the solution then to simply stay away from the cloud? Or should I only hire the most well-known brands on the cloud space? Neither, actually. In spite of all these risks, moving to the cloud is still fundamental for companies of all sizes, simply due to the potential advantages such a move may bring. And restricting yourself to only the top tier providers may well result in you missing out on some very interesting products and services.
The real solution is due diligence and risk management. Performing due diligence on prospective vendors has always been an important role of the IT department. The cloud makes this an even more important role. IT departments need to establish a good relationship with business users so that they are involved in the decision-making process, and can properly vet providers. At the same time, IT needs to develop contingency plans to handle possible disaster situations: what is the plan if the cloud provider goes offline (for whatever reason)? Using a cloud provider does not mean you can forget about disaster recovery planning. The more these scenarios are thought about and planned for, the smaller the impact of a given provider going out of business.

One fundamental point to remember is to keep an open mind. Too often IT is seen by business users as the naysayers, the guys who reject any company who isn’t . While smaller service providers may be much harder to vet, their services can have a huge impact on business results, so not discarding them out of hand simply due to their size can not only keep IT on the good side of business users, but also bring positive results for the company as a whole.

A final tip for evaluating the risk of cloud companies: understand their business model. Is it sustainable? Are they actually making money, or simply burning through it? Is their long-term plan compatible with your companies’ needs? Answering these questions goes a long way towards ensuring that you don’t partner with the wrong provider down the road. In a future post, I'll provide some more detail about how working with a cloud provider affects your disaster recovery planning.