Cloud services come with a new risk: terms of use that allow your supplier to pull the plug on your site with little warning

It used to take a warrant, a sheriff’s deputy, and an axe to chop down your door and stop your business dead. But the cloud makes it so much easier.

Today, if you rely heavily on a public cloud service provider, your entire business infrastructure could be taken offline without judicial review, useful explanation, or workable recourse, simply because a customer, a politician, or even a competitor claims there are issues with your — or your customers’ — activities.

This was one of the issues cited by commentators when Oracle’s terms of use for its cloud services were disclosed last week. According to section 5.2:

If Oracle detects violation, or is contacted about a violation of, Oracle Cloud Services terms and conditions or acceptable use policy, Oracle will assign an investigating agent. The investigating agent may take actions including but not limited to suspension of user account access, suspension of administrator account access, or suspension of the environment until the issues are resolved.

Oracle isn’t alone; every cloud provider has clauses like this. By way of example, have a look at these extracts from four other well-known providers.
First up, Microsoft Azure terms:

We may suspend an online service in whole or in part … if you do not abide by the Acceptable Use Policy section of these Online Services Use Rights or violate other terms of your Microsoft Online Subscription Agreement.

Rackspace (see section 9):

We may suspend the Services without liability if: (i) we reasonably believe that the Services are being used (or have been or will be used) in violation of the Agreement

Amazon Web Services states in section 1.4 of its terms:

… we may remove or disable access to any Prohibited Content without prior notice in connection with illegal content, where the content may disrupt or threaten the Services, pursuant to the Digital Millennium Copyright Act or as required to comply with law or any judicial, regulatory or other governmental order or request.

Finally, Joyent’s conditions:

Joyent may terminate or suspend your access to Joyent services at any time and for any reason without notice.

Of course, most of these “at our sole discretion” clauses are wrapped in varying degrees of customer protection. As a Rackspace representative explained to me, “Arbitrarily suspending a customer or treating our customer unfairly would do tremendous damage to our brand and our mission and we go to great lengths to avoid disappointing our customers.” That’s fair; Rackspace went to some effort to explain it would not take arbitrary action.

Amazon and Rackspace make clear in their terms they will notify you of issues and give you a chance to devise a remedy. Oracle refers to an “investigating agent” with full powers, although there’s no promise of notification. Microsoft says it will provide notification and take down only the minimum portion of your cloud presence necessary to resolve the issue (although the company has several overlapping policies with differing, less protective terms).
But the bottom line is that all these providers use language that ultimately allows them, in what they alone decide are extreme circumstances, to pull the plug on your cloud presence. None offers arbitration or compensation in their terms; there are no consequences for them. You may have a contract or a service-level agreement with penalties for outages, but it’s highly likely these terms of use will take precedence.

Vendor self-preservation

Why the nuclear option? It’s a matter of self-preservation for your provider. Legislators have increasingly used “safe harbor” laws to make the Internet industry self-policing. For example, the Digital Millennium Copyright Act (DMCA) gives hosting providers a free pass from liability if they respond quickly and positively to every claim sent to them about copyright infringement. While the law treats you as innocent until proven guilty, the same law coaxes your providers to treat you as guilty upon accusation.

No sane provider would routinely or lightly treat you unfairly. Yet as we saw in the case of WikiLeaks, sometimes the pressure is too much to bear. In this instance, Amazon Web Services and PayPal — both flagship brands — tossed customers off their services without judicial review, useful explanation, or workable recourse. Other, lesser-known companies (Tableau and EveryDNS) followed suit, and even a Swiss bank found a handy loophole. Doubtless each was under enormous pressure.

This cascade of capitulation demonstrates a fundamental flaw in Web-mediated services that doesn’t exist with in-house infrastructure. While the Internet itself may have a high immunity to attacks, a monoculture hosted on it does not. We might even be able to survive a technical outage, but a political outage or a full-fledged termination of service is likely to put a company that has relied on the cloud for critical infrastructure out of business.

Of course, the terms of service of our providers have always included termination clauses.
But most of us have lived with them because the risk was manageable. Services consumed in the past contributed to infrastructure we controlled and ran ourselves. A state officer wanting to take the sales system offline would need to penetrate the premises and use force, as well as get a judge to agree to that use of force. But a sales system hosted in the cloud can be taken offline instantly by someone we will never know, for reasons we can’t determine, and with no way for us to get back online.

Worse, a claim that terms of service have been breached probably leaves us without a viable avenue for recourse or compensation, regardless of what the SLA says about technical outages. There’s likely to be a court battle to grab either, and when the priority is to get back online again, that’s not desirable, even assuming we have access to capable legal representation in the country where our provider is based. Finally, if the service we have been consuming is a closed monoculture, finding an alternative will probably mean refactoring our infrastructure. That’s costly and time-consuming, and it may well prove fatal if revenue has been cut off in the interim.

Maybe that sounds excessively pessimistic. But it’s worth noting that PayPal didn’t take action against WikiLeaks; it moved against the Wau Holland Foundation, a nonprofit that had been supporting WikiLeaks as one of several activities driven by its charter. It’s becoming quite common for DMCA notices to incur collateral damage, like the one that blacked out 1.5 million educational blogs over a disputed student handout. As the media industry’s war on fair use grows, we can expect more laws to be passed that have more collateral effects — all excused by terms of use.

Learn self-defense

What can you do to minimize your risks? In the final analysis, not much; this problem is underacknowledged and overdue for attention.
But you can try to apply three principles to your situation.

First and foremost, you need a commitment (backed with substantial penalties) that your provider will never take your service offline intentionally without a substantiated and validated court order, whether you are notified in advance or not. Phrases like “at our absolute discretion” are a red flag. It’s your infrastructure and your discretion that matters. Until there’s proof of judicial review, no service should be rescinded without the provider being penalized. Seek providers willing to make that commitment, or if you have the negotiating power, ensure your contract includes this idea and supersedes the terms of use.

Secondly, ensure your provider is not a monoculture. Select providers that deploy open source software in documented ways, so you always have the freedom to leave. Avoid solutions where the only company enjoying software freedom is your provider. Favor open source software which is community-backed rather than controlled by your provider. Your provider may be concerned that you are escaping its lock-in and charge you more, but it’s worth paying extra to get the additional value software freedom creates.

Finally, create a backup plan for how you would operate the service in the event your provider suspends its agreements with you. Consider having a backup provider or even a “private cloud” available and keep copies of your runtime environment in VMs ready for deployment. That may seem like a lot of effort and expense to cover a fairly remote possibility, but when you outsource all or part of your business to the cloud, you don’t want to cede the freedom to run your business in the bargain.

This article, “Cloud providers ready to strike with nuclear option,” was originally published at InfoWorld.com.