There’s no doubt about it, cloud computing is gaining some serious momentum. Part of this momentum is due to the fact that the trust issues that were commonplace several years ago among buyers have been reduced to mere pockets of concern. But, who are the most trustworthy application vendors in terms of customer data being safe and secure — and the application being available — should disaster strike one physical location?
Let’s look at the general tiers of trustworthiness.
Google – Big Table, Big Infrastructure
Google represents the top tier of cloud vendors. Google’s infrastructure is massive, highly redundant and is designed for hardware failure and other types of failure. If you use GMail, either as a consumer or as a business user, you may or may not know that Google will not complete a transaction, such as an email send, unless it’s confirmed that your data has been written to at least two places — often two different physical locations, even on different continents. In addition, each of those two writes is backed up.
It’s also worth noting that Google Apps is one, gigantic, global application instance. This is the ultimate in multi-tenancy, in which every customer is on the same instance.
This YouTube video provides an excellent deep dive into Google’s infrastructure. I’ll term Google as having real-time, multi-location redundancy.
Salesforce.com – The Trust Infrastructure
Salesforce.com takes customer data incredibly seriously. There are entire teams in place to make sure that customer data is secure, redundant and highly available for production use. Salesforce has three, global data centers with a fourth one coming on line. If one data center was completely taken out, customer data from that center would be available via one of the other data centers in very short order.
Details on Salesforce.com’s data security can be found here. The same site tells us that Salesforce.com is running their entire customer base (of over 77,000 companies) on just eleven production instances.
I’ll call this near real-time, multi-location redundancy.
If you know of any other vendors with a similar architecture, please post details in a comment. I suspect that Microsoft falls into this category for part of their infrastructure.
Disaster Recovery Mode Cloud Vendors
The next tier of vendors — and likely the largest tier — are those that have only one main data center location, but have a plan in place should disaster strike this location.
This tier of cloud vendor does not have either live servers or dedicated, standby servers in a secondary location. Instead, they have access to a pool of server capacity in a secondary location that’s available to them should they need it. Data are copied over to the secondary location in near real-time, or on a periodic (daily) basis.
If disaster was to strike the main data center, there could be a time lag of up to a day (or more, if things don’t go well) before the backup environment is available for application use and/or before DNS changes have propagated.
“All Eggs in One Basket” Cloud Vendors
There is a class of cloud vendors that is fully reliant on a single data center being available. Customer data is mirrored and/or backed up within the data center, but there’s no specific plan should disaster strike the data center location. These vendors are normally early stage companies that are still in beta test mode. The economics at this stage of a company’s often doesn’t support having a failover data center.
“Dedicated Server In the Cloud” Vendors
Vendors that host each customer on their own dedicated physical or virtual server within a cloud infrastructure such as Amazon EC2 need to work within a different set of rules in terms of uptime and redundancy. Unlike the multi-tenant vendors, for which moving a single database from location A to location B means moving thousands of customers from location A to location B, with the dedicated server approach, each customer is on their own, separate application and database instance. This means a more individualized approach to uptime and redundancy.
If you have any concerns around your company’s data and its availability, it may be worth asking your vendor into which general category they fit.