A Cloud and a Prayer

imageAmong the many calamitous events that have marked the current global financial crisis, the U.S. government seized the bank Washington Mutual late last month in what was described as “by far the largest bank failure in American history.” For the generations of people, like me, who grew up thinking of the Great Depression as an historical event — something essentially unrepeatable, like say the Black Plague — it’s something of a shocker that a Depression-style implosion on the scale of WaMu could even take place in the 21st Century.

Dramatic reversals of business fortune are a reminder that the constants of commercialized life (in my view, we’re almost all of us living highly commercialized existences) aren’t quite as untouchable as we thought. The concept of “too big to fail” is under siege at the moment. The fact that a company, product or service is so clearly dominant and relied upon is no guarantee of its survival.

In particular, I make this point in regards to Web applications, cloud computing, putting your data online — whatever you want to call it. Over the past decade, consumers have been relying on Web-hosted services to house their information more and more, and on independent stores of data on their personal computers less and less. Forget PCs even. It’s no secret that vanishingly few people are relying on personally maintained copies of records that exist in the home, like say a checkbook register, too.

Many of you reading this right now probably rely on some form of Web application for your email, spreadsheets, word processing, finances, or even to run your business. And that’s just the productivity side: think for a moment about all of the value you’ve created in the social networks you’ve built on say LinkedIn, or the narratives you’ve weaved on Flickr, or the conversations you’ve had on Facebook, or the journaling you’ve done at Tumblr. It’s almost all online, and very little of it is on your computer.

Fair Weather Finances

In optimistic financial climates, trusting the cloud seems like a fine idea. The fact that many small businesses store their mission critical project information in a tool like Basecamp makes a lot of sense because the good folks at 37signals have demonstrated themselves to be reliable and trustworthy keepers of that data, even as (or especially as) their business has grown exponentially. Consumers who manage their personal finances through a tool like Mint are reassured by the strong venture backing and public support standing behind those startups. And if you do anything using Google Docs, there’s good reason to feel secure too — their size and future seem soundly protected.

Just consider a moment though: today’s market capitalization for Google stands at the robust figure of US$107 billion, which few would argue qualifies as ginormous. On the other hand, at the time of its failure, WaMu was said to have US$307 billion worth of assets on its books. And still the bank collapsed.

In my view, it’s a given that some of these Web businesses will fail. Personally, I doubt it will be Google, but after watching trillions of dollars of wealth vanish in the market over the past several weeks, I tend to doubt Google’s potential for implosion a little less today than I did six months ago. As for smaller players, who knows if they will survive or not? The size of a company is certainly not a reliable shield against failure, but being small doesn’t necessarily guarantee a company will be around in the long term, either. I just don’t think that it’s realistic to assume that all of the data we’re storing online is safe. So a friendly reminder: back up.

Make Note of the Exits

Rather than just coming off as an alarmist, I want to add a few constructive comments to this dire warning. Part of this situation has very much to do with software architecture: these applications should be designed to allow users to mirror their data on their personal computers, ideally in open formats. I’m not just talking about an option to export one’s data to an archive file, though, but rather about true, seamless mirroring. For instance, I pay a company to store my mail on the cloud, ostensibly, but I have no more or less trust in their longevity than I do in any other online business. Through the underestimated miracle and beauty of IMAP though, all of my messages are also mirrored on my hard drive, an invaluable insurance policy against the sudden disappearance of my mail server or host provider. To me, the IMAP approach is really the ideal approach, and I really wish it was a model for more Web services.

My other idea for mitigating cloud computing risk is a little touchier and will undoubtedly raise some hackles, so I’m just going to come out and speak its dirty name: government regulation. Part of the reason that WaMu’s failure didn’t ignite a run on the bank (or indeed, on all banks) is the (hopefully) concrete reality of the Federal Deposit Insurance Corporation. For most intents and purposes, the money in WaMu customers’ accounts was protected by the U.S. government — not just by the fact that it was insured, but also by the fact that, in order to qualify for the insurance, WaMu had to follow certain regulations in its management of money.

Data is almost as good as money, but I don’t know of a single consumer Web application where access to data is guaranteed by a third-party private entity, much less by the government. By no means am I begging for government regulation; doing so has the potential to undo the innovation equation that defines the digital age. Personally it’s my view that that way lies madness. But so too does the path of inevitable failure that we’re on. Essentially, as consumers of cloud computing, we have virtually zero recourse, to say nothing of insurance. It’s something we should be thinking about and talking about more explicitly as we continue to move more and more of our lives online.



  1. Yikes! This is also one reason why I switched to Apple Mail + IMAP this year. It’s a talking point for why I’ve gone back and forth with using Basecamp in the last several months. I need online and offline access. I need an escalator and an elevator; an emergency staircase and a wheelchair ramp.

  2. While I understand your points, I must respectfully disagree.

    Primarily, I think the prime reason we won’t see existing web companies fail spectacularly is because they do not have nearly the amount of risk that banks and such have. Web business don’t have to take many monetary risks with things, at least beyond development costs. While their venture funding might dry up, an existing service could easily be maintained on a shoestring budget long enough to transfer data—unlike a bank, which requires huge capital just to function.

  3. This reminds me of what a friend defines as GDS – the “Google Dependency Syndrome”. It is something that pretty much every one of us has fallen into at one time or another – I have to admit that I’ve found Gmail more reliable and functional than having to bother with email archives personally, and there’s a reason why Google has become a verb in the popular lexicon.

    But yes, the thought of realizing you’ve invested so much time and resources on those sites (in my case, Flickr and del.icio.us come to mind) and the odds of them going belly up and taking our data with them leaves you pondering how dependent we are voluntarily being on these resources without giving a second thought.

    Although that’s not likely to happen with Google and Yahoo in the near future – not without a warning sign, at least. I’d be far more wary of all those Web 2.0 startups with funny names and no business plan which give me a sort of dжja vu feeling of how things were before the dotcom crash of 2000.

  4. Funny, I was just cleaning up a post on “The Cloud” and data synchronization when I read this article. I completely agree that the IMAP model — one that’s been around in some form or another for 20+ years now — is a great example of how a lot of other online services should work.

    My post.

    If you’re interested.

    BTW, I also agree that government regulation is not always a bad thing. I’m sure a lot of folks who lost their DRM-encoded media from various failed online services would have appreciated a little insurance from someone. I doubt that will happen without some sort of regulation.


  5. The mechanics of this make me queasy. With a financial guarantee, the government is essentially making a promise to pay you back for any money (up to a certain limit) that you lose when the bank fails. Since the government prints the money, there’s little risk of it running out; plus, their money is as good as anyone else’s. But how could the government guarantee that you get your data back in the event of a failed cloud? By providing some kind of government back up? I’m all for regulation (it’s the grumpy socialist in me), but even I do not want the government to have a copy of my emails that they could, say, flip through without a warrant.

  6. Morgante Pell: You are just making the point stand out. Just as you can’t see today any reason why web-companies won’t disappear in the future, don’t mean they won’t. No-one would have anticipated just the impact we now see on the financial institutions – even the ones that have not done anything risky – a few years ago.
    Point is that shit happens – and the problem is you never know when and what kind of shit will hit which fan. For instance (though unlikely!) would a sudden enourmous surge in the cost of running a web-host take out a whole lot of these companies.

  7. Perhaps some cloud service providers could get together and create a Cloud User’s Bill of Rights? Mandatory backup access, preference for open data formats, thirty-day warning before a website (or any of its major services) are disabled, and so on.

  8. @Mandy, perhaps it would be easier to force the ‘cloud companies’ to allow users to be able to manage their own data in easy ways, ways that will easily sync to a Desktop machine.

    Expecting the government to backup or provide fail-safes for the companies we trust our data with is asking for trouble. Should the US government be backing up data that belongs to non US residents? I’m certain people outside the US don’t have the same faith in the US government to be responsible with our data.

    I think it would be useful if companies had to provide a method to get easy access to all the data you spent hours creating. If it could be a simple ‘background synchronization’ then many people wouldn’t need the gov’t intervention.

    Hmm, maybe we need another cloud company to sync all this data and package it into a desktop app?

  9. I take your point, and can’t do anything but agree. However, the undergraduate economist in me gets annoyed when people say things like:

    Just consider a moment though: today’s market capitalization for Google stands at the robust figure of US$107 billion, which few would argue qualifies as ginormous. On the other hand, at the time of its failure, WaMu was said to have US$307 billion worth of assets on its books. And still the bank collapsed.

    Assets on a bank or investment company’s books is an entirely different thing to market capitalisation. Those figures have been juxtaposed as if they can be usefully used as a comparison, and they can’t.

    In fact, all other things being equal, the more funds a bank has under management, the riskier it is (from a shareholder’s perspective).

  10. This is why I’m cautious of the “cloud”. I use MobileMe, but that basically syncs data that’s also always resident on my other devices. My IMAP client is always running at home, I have copies of my contacts, calendars, etc.

    I have a web site that while irrelevant to many is priceless to me, it has 2 + years of photos, videos and random blog entries that I started just prior to the birth of my daughter. I don’t post pictures to Flickr or Youtube – they are just services. I had a few pics on Yahoo from years ago, pre-Flickr. Those were deleted by Yahoo – so sometimes you don’t even need a company to go under – just a shift in business model can cause your data to go away.

    If I see a Youtube video, quite honestly, I download it, convert the FLV to QuickTime and post it directly on my site, retaining a copy locally. The web site is there for posterity, and I trust no other entity to preserve all of it.

    I USE Internet based services, I don’t RELY on them.

  11. Your excellent post was forwarded to me after a lunchtime conversation on just this subject.

    I work at a school where a number of teachers use the 4-year-old online gradebook service Engrade.com–used by 50,000 teachers, according to their home page. Unfortunately, their database has suffered some sort of meltdown in the past two weeks, and requests for assistance from users have gone unanswered. I’d only just begun using the service, in part because of an option for backing up data in CSV format on my local machine… which turned out be be a wise thing to have done.

    I’m not anti-cloud, but I’m absolutely anti-data loss, and your post nailed it perfectly. Thank you.

  12. Mandy, nobody would want mandatory government backups. I think the data security we are talking about here has more to do with having enough money than actual broken hardware. When some company fails they will (most likely) still have the actual data, just not the money to do anything with it. For that purpose government could give the company some money so that they can at very least give their customers their data back.

    I understand that this is hugely complex (especially if the data is saved in some proprietary format), but I think there are simple possible solutions: the government could for example start a program where companies get a certificate if they save their data in easy to handle open formats and then, should the company fail, the government guarantees that the data will be safe and returned (via government funding).

    The big but here is not so much technical but has more to do with the international nature of such online services. You can get a flickr account everywhere, so international guarantees would be needed.

  13. Actually, many smart minds could see the economy was in trouble before the latest crash.

    The fact is, even when it is working, the financial industry takes on incredible risk. Their entire business is built around dealing with money which doesn’t actually exist and betting on everything from bonds to mortgages.

    Even when considering the worst possible situations, there isn’t much which can truly drive a competent web business bankrupt. One of the biggest external factors is the cost of energy (for servers). Yet, even if the worst happens and all oil energy cannot be used, the investment it would take for alternatives isn’t even high enough to drive them out of business — especially with Google leading the way.

    I think the best goal for a startup is to become as independent as possible: eliminate depends upon venture, upon market conditions (consumer spending), external hosts, etc.

  14. You draw so many flawed comparisons and conclusions in this post that it baffles me how it came from an Internet professional of your caliber; and that is before you even get to the part about government regulation.

  15. At what point will people remember to take responsibility for their actions? This is all crazy “protect me from myself” socialism disguised as “cloud-could-fall-at-any-moment” hand-wringing. If I choose to upload my entire life narrative (personal info, pictures, video, finances, etc.), I should ALSO understand that nobody is forcing me to do so. I will never understand what motivates people to try to make someone else responsible for their poor / uninformed / head-in-the-sand / naive actions.

    Backup your stuff. If you think that “The Cloud” is susceptible to service interruption, data theft, business failure, and / or unintended uses (and it is), and you want to mitigate your personal risk, choose the “anti-social” – opt-out.

    Trust me, you’ll have more free time / peace of mind / enjoyment of life and get back to living a real-physical-world existence once you stop checking your FaceBook page, Twitter-ing your last bowel movement, posting cute pictures of your goldfish on Flickr, and uploading your two cents to your blog. And when those services disappear, you won’t be wondering who will come along to “bail you out” by restoring your online life.

  16. Morgan, I’m not convinced. A “run” on a storage service even as well backed as Amazon S3 could bring it down to the point that if its funding has run out you never get a chance to get your data out. Store a couple of terabytes in it and it would take you days if not weeks to transfer to somewhere else. Actually, just one terabyte is more than my ISP allows me to download every month. If I had been archiving off gigabytes every month to S3 for a year or two I would easily be in a position where I cannot get all my data back in a useful time period. I’d be phoning Amazon and asking if they do a “burn to DVD” option…

    Scary thoughts guys.

  17. In that respect, I agree with Kohl — you should keep copies of your data.

    That’s not just because a service might get shut down (I don’t think it will be that common) but just from a speed and personal security standpoint.

    I think Kohl is too reactionary in this post — services aren’t going to be dropping like flies in the rain without notice. We don’t need the government’s help — we just need to adopt basic safety measures.

    I don’t by any means oppose the cloud: I keep plenty of data in S3 and such, but its all as a backup — I still keep copies locally, as I do with everything. I have a copy of every Flickr photo, every Delicious link, every gigabyte of online storage, stored on my local server as well. I do think we need better sync options, to keep all this data up to date.

    A great example of this is Dropbox — instead of asking you to trust them with your data, they store it locally but also sync it to their server and your other locations. I’d like to see more services adopt this model in the future. Disk space is so cheap now, it shouldn’t be an issue.

  18. Maybe if we involve the government, they will mandate cheap ‘cloud’ storage for everyone, and the companies will move to provide it whether or not they can keep up the same level of quality, if they fail, the government will bail them out. They wont have an incentive to maintain that quality. They may fail as a result of government involvement.

  19. This post is basically right-on — what you’re describing is a specific instance of the fragility of tightly-integrated systems like “just in time” manufacturing and delivery. They’re very efficient when everything works right, but increasing the interdependencies creates more opportunities for failure and loss when something doesn’t go right.

    Overall I wish there were more work going into (legit) peer-to-peer systems, and less into giant centralized web services. P2P protocols have to deal with redundancy, security and connectivity issues from the get-go, and they rely on much less of the infrastructure; many don’t even need DNS.

    A few points about Google [which is where I happen to work, though I don’t speak for them]:

    Ћ As others have pointed out, the comparison of Google to WaMu is pointless. In addition to market cap and bank deposits being apples and oranges, the fundamental thing that killed WaMu is that it ran out of money due to insufficient deposits to cover debts. By contrast, Google (like Apple) has no debt and many billions of dollars of cash in the bank. It’s very difficult to imagine a company in those circumstances going under.

    Ћ Google’s data has a large amount of redundancy, due to the large number of data centers and the design of its highly-scalable storage mechanisms like BigTable. This gives it some of the resilience of a P2P system — I suspect it would be very difficult to wipe out someone’s data without nuking multiple data centers.

    Ћ Google is being pretty proactive about giving users the ability to export their data in easily-readable formats, for backup or transfer. Some Google apps support export already, like GMail and Calendar, and others are working on it. And in general, the Atom-based GData APIs allow other apps/sites the ability to export data from Google apps that support them.

    I think asking for export to be mandatory is going a bit too far, though. That could be a hurdle for startups, especially since in the early days of a site the schema can be evolving rapidly. As long as users see export as being important, websites will evolve to provide it as a checkbox feature.

  20. I don’t understand why mandatory exporting is a big thing here. Look, if you rely on ONE provider for all of your information, both online and backup, you should be aware you are taking a big risk.

    The company we use for off-site storage of our backups is not the same company that provides our data center services. We have our own data center, with our own circuits, and our off-site disaster recovery data center uses circuits from a different provider, plus we have backups that go into storage.

    If your cloud based provider doesn’t offer a easy way to backup your data locally or with somebody else, you don’t need Uncle Sam’s help, you need a better provider, or to acknowledge that you’ll backup data BEFORE sending it to the cloud, or just realize you are taking a risk.

  21. Sometimes only the small survive. No land animal with a body weight of over 50 pounds survived the dinosaur age. After humans, it is likely that bees or cockroaches will rule the earth. Same can be true for economic downturns. In a strange way, WaMu failed in part because its market cap was so large; it enabled them to be so extraordinarily leveraged. If your portion of the cloud is supplied by some small, fast, and agile provider who doesn’t have a financial anchor around their neck (by being too leveraged, too invested, etc.) then you (and your cloud host) may just survive.

  22. While I do agree that some kind of back-up insurance policy is in order (be as it may, I am in favor of local mirrors) I cannot in good faith support government insurance of our data for two reasons.

    First, bureaucracy. If there were a catastrophic event and data was lost, you’d spend less time filing paperwork for a rebate on software or batteries than you would trying to get the government to release your files.

    Second, that much (potentially) sensitive data could prove too tempting for certain agencies’ behavioral models. Photos, contacts or emails alone aren’t enough, but when you combine these things, a picture starts to emerge. While they already exist in various clouds, collecting them in one place makes data mining that much easier.

  23. I see online cloud services more as a backup to what’s on my local machine than the other way around, the exception being Gmail at the moment. But it should be safe to say that not all of the smaller, niche companies will be around long enough to see us through the next five to 10 years with mergers, buyouts, and failures being a regular part of dotcom business. For example, many photographers were relying on companies like Digital Railroad & Photoshelter for online sales and both have had to make major shifts in business plans, with DR being liquidated in the next 30-90 days. That’s sort of the problem with digital *everything*, the data is all kind of theoretical and with a flip of a switch it call vanish unless there’s a backup which needs its own backup, which hopefully has a hardcopy backup.

  24. Part of the problem isn’t simply company health. A company doesn’t have to die for some of its services to go away. Google doesn’t make its money off of free services, apart from selling its users to advertisers. And even a company as large as Yahoo isn’t immune to hostile takeovers which could replace ‘redundant’ services, or degrade the service until its unusable.

    Furthermore, the issue of data security is big. Corporate espionage, lost laptops, or even subpoenaed data all are threats beyond data loss. But unfortunately, the cloud usefulness is too great to eliminate this, only mitigate it.

    Having some form of government oversight, or more importantly, government backup, is definitely not the way to go. Making it easier to do local backups, however, should be something people consider when using a service.

  25. I’ve have nothing on the cloud, I even download my email every day from gmail to mail.

    I’m too control freak and paranoid to trust on the hard drives of some one else.

  26. Just a little note here:

    I feel like its not easy to see Google and WaMu as analogous entities, in any form ranging from corporate governance to the actual customers they serve. I don’t know if that strengthens or weakens the argument here; the general argument here is very agreeable, though.

  27. people should only use web applications for their public life, and as such, accept that there’s no guarantee that their data is safe and well-guarded

    as for sensible data, I think serious companies should provide a desktop application that allow users to store locally and safely their data. google is already doing that with imap access, or the ical export feature in gcalendar. all other web applications should follow suit

  28. Google, Amazon, or other large web companies could fail sure, but it won’t be fast and dramatic like WaMu or any of the recent financial institution failures. The financial companies were highly leveraged with billions in outstanding liabilities. In the case of WaMu, there WAS a run on the bank. In the 10 days prior to the September 25th government conservatorship, over $16 billion was withdrawn from WaM accounts.

    I can’t see the large public cloud companies failing so quickly, but I can with private venture backed companies. In 2001 I had an ISP fail and shut the service off with only 1 day warning to their customers.

    In any case, I do agree with your major point, we should all prepare for the worst, and be wary of vendor lock-in.

Thank you! Your remarks have been sent to Khoi.