Nirvanix, a public cloud storage provider once heralded as "becoming the de facto standard in Enterprise Cloud Storage" and resold by both IBM and HP to their customers, is shutting down operations as of tomorrow, October 15, 2013. This is two weeks after filing for Chapter 11 bankruptcy.
Recent postings by Kyle Hilgendorf of Gartner and Rich Miller of Data Center Knowledge have wisely called for organizations to look at their "Cloud Exit Strategy" to mitigate the impact of a provider shuttering its doors. Indeed, Nirvanix's customers had approximately one month to vacate and transition their terabytes of production data elsewhere.
As a result of the Nirvanix debacle, discussions around Cloud Exit Strategy are trending, but I fear that organizations may not realize that cloud exit plans need to be discussed in the larger context of Cloud Governance and contracting.
The evaporation of a Cloud Service is just one of the risks that should be accounted for in a Cloud Exit Strategy. Relationships end all the time for a variety of reasons. Perhaps you and the Cloud Service Provider have grown apart, the chemistry has faded, or you've seen the ubiquitous "500 Internal Server Error" one time too many. This is part of life.
It is not uncommon for a 3rd Party Services Provider to cop a territorial attitude towards customer data once they are served with divorce papers. Don't expect all Cloud Service Providers to take the high-road and help their clients transition from their service successfully. Getting 40TB of CSV files sent to you on a USB drive is a lot like finding your property haphazardly dumped on the sidewalk in front of the house after receiving a voicemail taunting you to come by and pick up your stuff. You don't want that. Rather than merely dump your data, your Cloud Service Provider needs to work with you to transition your data to a new provider at a reasonable pace and using an approach that is appropriate to ensuring continuous and stable business operations.
The risks of not managing the contractual aspects of the Cloud Exit Strategy are almost as significant as the risks associated with a provider going out of business. I consulted with a customer a few years ago whose Cloud Services Provider refused to provide any data or application-level administrative logon information until all of the customer's invoices were current even though the customer was disputing an invoice on the basis of being charged for services that had not yet been delivered. This put the customer in a potentially costly predicament that required a great amount of ingenuity from the NTT DATA engineering team to successfully resolve.
To build a Cloud Exit Strategy, customers should start with ensuring an exit plan is accounted for in the organization's Cloud Governance program and its Business Continuity program. Effective Cloud Governance should prescribe a framework around Data Transportability and Transition. It should furthermore specify the requirement for a Cloud Disaster Recovery Plan, no differently than IT Governance (combined with Business Continuity Planning) would for traditional Disaster Recovery Planning.
I won't speculate as whether or not financial due diligence would have helped customers avoid Nirvanix. After all, they appeared well-funded, and they were being resold by IBM, Symantec, HP, and Dell. But due diligence is another element of a Cloud Governance program that organizations need to ensure is in place.
Organizations who have not considered a Cloud Exit Strategy have been served with a wake-up call as they've read about the experiences of Nirvanix's customers, who reportedly have been in sheer panic as they've attempted to move terabytes of data across Nirvanix's congested Internet links within a few weeks' time.
As your organization begins to develop contingency plans and risk mitigation programs in response to the Nirvanix incident, remind everyone that an effective Cloud Exit Strategy begins with effective Cloud Governance.
- Jay Keyes, Sr. Director/Cloud Visionary, NTT DATA, Inc.