Cloud providers ready to strike with nuclear option

Cloud services come with a new risk: terms of use that allow your supplier to pull the plug on your site with little warning

RELATED TOPICS
Page 2 of 3

Amazon and Rackspace make clear in their terms they will notify you of issues and give you a chance to devise a remedy. Oracle refers to an "investigating agent" with full powers, although there's no promise of notification. Microsoft says it will provide notification and take down only the minimum portion of your cloud presence necessary to resolve the issue (although the company has several overlapping policies with differing, less protective terms).

But the bottom line is that all these providers use language that ultimately allows them, in what they alone decide are extreme circumstances, to pull the plug on your cloud presence. None offers arbitration or compensation in their terms; there are no consequences for them. You may have a contract or a service-level agreement with penalties for outages, but it's highly likely these terms of use will take precedence.

Vendor self-preservation

Why the nuclear option? It's a matter of self-preservation for your provider. Legislators have increasingly used "safe harbor" laws to make the Internet industry self-policing. For example, the Digital Millenium Copyright Act (DMCA) gives hosting providers a free pass from liability if they respond quickly and positively to every claim sent to them about copyright infringement. While the law treats you as innocent until proven guilty, the same law coaxes your providers to treat you as guilty upon accusation.

No sane provider would routinely or lightly treat you unfairly. Yet as we saw in the case of WikiLeaks, sometimes the pressure is too much to bear.  In this instance, Amazon Web Services and PayPal -- both flagship brands -- tossed customers off their services without judicial review, useful explanation, or workable recourse. Other, lesser-known companies (Tableau and EveryDNS) followed suit, and even a Swiss bank found a handy loophole. Doubtless each was under enormous pressure.

This cascade of capitulation demonstrates a fundamental flaw in Web-mediated services that doesn't exist with in-house infrastructure. While the Internet itself may have a high immunity to attacks, a monoculture hosted on it does not. We might even be able to survive a technical outage, but a political outage or a full-fledged termination of service is likely to put a company that has relied on the cloud for critical infrastructure out of business.

Of course, the terms of service of our providers have always included termination clauses. But most of us have lived with them because the risk was manageable. Services consumed in the past contributed to infrastructure we controlled and ran ourselves. A state officer wanting to take the sales system offline would need to penetrate the premises and use force, as well as get a judge to agree to that use of force. But a sales system hosted in the cloud can be taken offline instantly by someone we will never know, for reasons we can’t determine, and with no way for us to get back online.

Worse, a claim that terms of service have been breached probably leaves us without a viable avenue for recourse or compensation, regardless of what the SLA says about technical outages. There's likely to be a court battle to grab either, and when the priority is to get back online again, that's not desirable, even assuming we have access to capable legal representation in the country where our provider is based. Finally, if the service we have been consuming is a closed monoculture, finding an alternative will probably mean refactoring our infrastructure. That's costly and time-consuming, and it may well prove fatal if revenue has been cut off in the interim.

RELATED TOPICS
| 1 2 3 Page 2
From CIO: 8 Free Online Courses to Grow Your Tech Skills
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies