Admittedly, reading headlines like this has somewhat of a NASCAR effect on me: Watching the cars crash can be most of the entertainment. There were certainly customers that would rightly lose their composure if something like this were to happen. I didn't hear of a whole lot of angst, however. In fact, except for the obvious admonitions that this is a bad development from a number of folks in the investment community, I was surprised how quietly this all went down. Nobody wrote any scathing copy urging IT pros to call their storage vendors and buy good old fashioned physical arrays, although I'm sure folks are adjusting their PowerPoint decks for their sales calls this week. (Why this seems so casual is the subject of another post...)
I was pretty much all set to shrug this event off as if it were a typical market consolidation shift until I got an email from Ziptr. Ziptr, for those who are unaware, was a secure document sharing service. As I write this a few days later, there's no point in linking to their web site. They, too, are long gone. Their final email to me read as follows:
Dear Lazarus,
Please export your data by 12:00 noon Eastern tomorrow, September 27, 2013. Ziptr is closing, and all Ziptr products will be discontinued as of tomorrow.
If you do not need future access to your data, you do not need to take any action. Once we shutdown the Ziptr service this Friday, we will be deleting ALL user data that remains in our systems.
If you do not need future access to your data, you do not need to take any action. Once we shutdown the Ziptr service this Friday, we will be deleting ALL user data that remains in our systems.
To guide you through the process of exporting your important information, please visit www.ziptr.com/FAQ or contact support@ziptr.com.
Sincerely,
Ziptr Support
Ziptr, Inc.
Oddly, several people had used the service to send me confidential documents. These did not belong to me, thankfully, but it suddenly hit me: The company is gone, and it has left behind some assets that someone is going to liquidate. In the old days, no one would consider anything but the physical assets to have any value, i.e. servers, printers, desks, chairs, etc. In today's analytics-driven world however, data and it's metadata have become a sort of currency. The value of whole companies can be largely attributed to the data they house, and the leverage that they are able to create from it. This now-defunct company was a data management company.
Thus, a series of seemingly unanswerable questions keep coming up in my head. Some of them are quite interesting. For example, in a liquidation of a company, who owns the data? The creditors? (Check the terms of use...) What obligation do they have to abide by the same agreements as the defunct entity? (None, apparently...) If they were to receive a subpoena for your data, would they fight on your behalf? (I'm thinking not.) If they were to make your data public, would you have any legal recourse?
Here's what might freak everyone out the most: It's clear that the Ziptr guys were intent on at least trying to do the right thing to preserve security of the data they were holding - i.e. they say they will delete it. Whether they succeed at this is another matter. Whether they had other physical media containing data as backup is yet another further consideration. What happens if you are dropping your data into a service provider cloud that left the encryption up to you? What if you didn't bother to encrypt your data? Most importantly, what if they didn't bother to destroy the data after a bankruptcy?
In the Brave New World in which we live today, it's clear that the legal framework we are using to operate may be sorely inadequate to protect us from the kind of predatory entities that may exist out there. I am not aware of any of the scenarios I am contemplating having really been tested in American courts. The outcomes may not be in favor of the entity that created the data. It really is unclear who would win in a lawsuit. So what do you do?
First, it is doubtful these happenings will materially dent the growth of the cloud business model. We have gone too far to reverse, and the value proposition is established. On the other hand, a bit more due diligence may be required before you sign on to a service provider if they are going to be holding your data. If you are going to put it in a cloud, you really need to think about a different sort of "disaster recovery", because our current set of laws are probably not going to adapt in an expedient fashion to the march of technology. At a minimum, this means that you need to be sure you retain the rights to your data, that it is secure, that you can move it when needed, and that you can be certain it can be vaporized if you deem it necessary. Is this the beginning of a "Data Bill of Rights"? Well, we should be talking about this.
Here's what might freak everyone out the most: It's clear that the Ziptr guys were intent on at least trying to do the right thing to preserve security of the data they were holding - i.e. they say they will delete it. Whether they succeed at this is another matter. Whether they had other physical media containing data as backup is yet another further consideration. What happens if you are dropping your data into a service provider cloud that left the encryption up to you? What if you didn't bother to encrypt your data? Most importantly, what if they didn't bother to destroy the data after a bankruptcy?
In the Brave New World in which we live today, it's clear that the legal framework we are using to operate may be sorely inadequate to protect us from the kind of predatory entities that may exist out there. I am not aware of any of the scenarios I am contemplating having really been tested in American courts. The outcomes may not be in favor of the entity that created the data. It really is unclear who would win in a lawsuit. So what do you do?
First, it is doubtful these happenings will materially dent the growth of the cloud business model. We have gone too far to reverse, and the value proposition is established. On the other hand, a bit more due diligence may be required before you sign on to a service provider if they are going to be holding your data. If you are going to put it in a cloud, you really need to think about a different sort of "disaster recovery", because our current set of laws are probably not going to adapt in an expedient fashion to the march of technology. At a minimum, this means that you need to be sure you retain the rights to your data, that it is secure, that you can move it when needed, and that you can be certain it can be vaporized if you deem it necessary. Is this the beginning of a "Data Bill of Rights"? Well, we should be talking about this.
No comments:
Post a Comment