What happens to your data when a cloud vendor goes out of business?
That is likely the question being asked by customers now that Nirvanix is leaving the market. It has been reported that the UK vendor and partner Aorta Cloud, a British company, is working to take over Nirvanix.
The question I believe worth asking is what happens to your data if you are a customer, and this is just one of many that should be asked, given this might be one of the first of the bigger vendors to leave the market, but surely will not be the last.
Nirvanix gave their customers till the end of September to get their data out. So this situation begs the question, if a vendor goes belly up, what happens to your data and how do you get your data that might be business critical? Other smaller cloud vendors might be at risk, leaving us with only with the big three: Amazon, Google and Microsoft.
But back to what happens with your data. If the lights are turned off, do have to become a creditor in bankruptcy court? Do you have to hire an attorney so other creditors cannot get your data as part of their settlement? I am not an attorney so I do not know, but these are the types of random things that I think about.
Clearly, I would want the data encrypted, and I would maintain my own encryption keys because that way even if someone got the data it would not do them any good. What legal precedents exist in this area for judges to draw upon? I did some searching and did not find any, but these are the types of questions that need to be asked so people will know the outcome in advance.
This unfortunate incident clearly points to why I never recommend putting business critical data into the cloud. I recommend managing your own keys, until the legal issues are settled.
Labels: encryption,Cloud Storage,data storage,cloud computing
posted by: Henry Newman