“But wait,” he says.  I have a backup.  And he did.  He was using a popular cloud backup — Mozy.  Only one problem.  Mozy has no virus protection.  That’s right.  Strange as it might seem, where my friend thought he had a backup in the case of a disaster he found that if that crisis is a virus attack, your cloud backup is a virus storage.

To be clear, this is spelled out on Mozy’s web site.

So what’s the big deal?  If he had a regular backup, it would have been the same.

True.  But frankly, I expected more of cloud backup.  We go to the “cloud” for a higher level of service.  Also, no matter what you say about it, do I want to store my data with thousands of others without even so much as a rudimentary virus/worm protection?  Should I be reading more closely to see if there is any potential for spread of a virus or worm?   Multi-tenancy might have a great ring to it, but what exactly are the protections offered when we share our data.

To be fair, I assume that Mozy and others have some kind of isolation for your data.  But then, I also assumed that a smart move would have been for Mozy to be carefully scanning data before storing it.  Call me dumb, but that’s my assumption.

It also started me to thinking.  What about other shared storage systems.  What is DropBox doing?  I looked at the site and even went to the help and searched “virus” and “worm”.   No response.  What does that mean?  Is this a shared storage or a great hiding place for viruses and worms?   When these folders are shared, what happens then?

Don’t forget.  While Mozy is a backup, DropBox is a collaboration — a sharing system.  What exactly is being shared?

It seems like a minor point, but it points out that we make assumptions about web and cloud applications and data storage.  Are these assumptions correct?

This might date me – but one of my favourite movies is flick called “Network”.  It features a psychotic newscaster who leads a revolution of TV viewers who charge to their window screaming, “We’re mad as hell, and we’re not going to take it anymore!”

I must have a soft spot for that type of sentiment.  Because one of my favourite books is the Cluetrain Manifesto.  I love the line - “We are not eyeballs, or clicks, we are human beings — live with it!”

About bloody time, is what I’ve said.  And apparently so have a lot of others.  Today’s customer isn’t going to take it anymore.  Anyone with a business knows that.  All those predictions in the original Cluetrain Manifesto have come true.  In today’s world, if you aren’t better, faster, cheaper — your customer is gone in a click.

For the longest time, IT has been exempt from that.  If you had an IT provider you’d bitch and whine, but it was what author Don Tapscott called the Hotel California syndrome.  (For those who are too young to remember the Eagles, the quote comes from a line in their song Hotel California which goes - “You can check out any time you like, but you can never leave!” )

Microsoft, IBM, HP, Oracle — it didn’t matter which monolith we talked about.  You didn’t own them — they owned you.  You had such an investment in them that you had to stay.  Even if you outsourced, you never left them that far behind.  Either they supplied the outsourcer — or they were the outsourcer.

Well, those days are done.

The cloud is coming.  Gartner Group – one of the big think tanks made it official this year.

By 2012, 20 percent of businesses will own no IT assets. Several interrelated trends are driving the movement toward decreased IT hardware assets, such as virtualization, cloud-enabled services, and employees running personal desktops and notebook systems on corporate networks.

It has to be true.  Gartner doesn’t predict anything until long after its inevitable.

For a lot of folks, the past will be just like the future.  They’ve gone rushing from the expense of a big legacy provider to the expense of a big cloud provider. From Siebel to Salesforce.com.    That’s okay.  I take my hat off to Salesforce for becoming the 300 pound Gorilla in the cloud.

They’ll take their share. But the cool thing is you don’t have to go to one of the usual suspects.  There are options.  So now, if you are “mad as hell and not going to take it anymore” you have a number of options.  Two little magic words – “Open Source”.

Open Source puts the client in control.  In the CRM world for instance, we offer SugarCRM as an open source alternative.  We use it because we like it – it has amazing features, it’s cost of ownership is low — and it’s source code is open.  As I’m fond of saying – most software, if chosen well, will meet 98% of your real needs.  The problem is that the remaining 2% is often related to your competitive advantage.  With big, standardized systems if you hit this problem — as my kids say, “sucks to be you.”  You either live without it or buy an add on to what you’ve already paid.  By the way, did they tell you that “add on” wasn’t available with the lower priced version?   Yup – you are back in the old days where you don’t own the vendor – the vendor owns you.

With Open Source solutions like SugarCRM if you hit that last 2% and it’s a problem, you go into the source and change the code if you have to.  Most of the time you don’t even have to change the code because there’s a utility to allow you to do it.  And before the fear mongers get to you, there are many “upgrade safe” ways to make those customizations.  Or if you are majorly unhappy with the vendor — you can go your own way.  A couple of vendors – including “Info At Hand” and “vTiger” have made that decision and forked the SugarCRM code to have their own solution.  While these have a minor market share right now, they are a continued warning to SugarCRM that Open Source lives in the Cluetrain land.  Do it better, do it cheaper, do it faster — or get done in.

It’s the same with hosting and support.  Even if you customize a solution for someone, that doesn’t mean you own them.  This is open source code.  You can pick it up and move to a new host or even a new developer.  We know that.  As does every quality developer out there. We can’t afford to be less than our best.   We can’t afford to be anything less that a strong business partner.  You get what you need to make your business successful — that’s what keeps you coming back.

It’s the Cloud Computing Manifesto.  You own the solution — not the other way around.
Enjoy!

I got this email the other day.

Pursuant to the Dimdim Terms of Use (the “Agreement”) governing the use of Dimdim Inc.’s (“Dimdim”) Site and Services (as defined under the Agreement) by you (“You”), Dimdim is hereby exercising its right to terminate Your Dimdim Account and the Agreement in its entirety. Dimdim will continue to provide Services to you until March 15, 2011. Following March 15, 2011, neither You nor Dimdim shall have any further rights or obligations of any kind under the Agreement, including the right to access the Site, or receive or use any Services. Dimdim thanks you for your business, and wishes you success in the future.

This was the quote from their agreement.  You know those agreements that you scroll down to the end of and don’t really read?  I confess that this came as a surprise.  I missed what I call the “don’t let the door hit you in the a** on your way out” clause.  Because this is a pretty blunt stick.

Everyone has worried about their SaaS partner disappearing on them – at least I hope they have.   Everytime we do a SaaS strategy we make sure people think this through.   Usually we think of the SaaS provider possibly going out of business.

These guys aren’t really going belly up.  They have sold their product to SalesForce.com apparently.   And they want us off their service.

What do you do when someone tells you that you have to leave their cloud?

It’s illogical, but I had an emotional reaction to this.  I felt like I did the first time a girl broke up with me.   I’d been rejected.  Found unworthy!  That’s not the way it’s supposed to work.  I’m the one who supposed to decide to go.   Leaving on someone else’s timetable is a different matter entirely.

It’s not the first time it’s happened.  No, I’m not talking about girls breaking up with me (sadly, I have a great deal more experience in that area).  I’m referring to SaaS providers leaving me.

What if they change their fee structure to something you can’t abide?

I first experienced this when we were using a free service to maintain an online community.  It was a not for profit group with no budget to speak of.   After some time of finding and playing with this interactive community software, investing time learning it and of course getting a small community built, we thought we’d done something cool.  Then we got a note saying that the service was moving from free to paid.  Pay up or leave.

In fairness, it was free, so we had little to complain about.  But we’d built this community without thinking about how we would pay for it.  Although that wasn’t the real cost.  Our costs weren’t in the software.    They were in all the blood, sweat and tears we had put into this.

So you get caught in a dilemma and forced to ask people for extra money they didn’t sign up for.  Or you move.  In this particular case – being a volunteer group, I don’t know if the group has the “energy” to move.  I’m not sure it will recover.

This company gave us a lot of notice.  They were very reasonable in their demands.

They didn’t have to be.  That started me to thinking in a corporate sense.  What do you do if your SaaS provider decided to raise their fees way beyond your budget?   What would you do?

Even if it’s not about fees, what if a provider says you have to get off their system?  Now.

Far fetched?  Maybe not so far fetched. I don’t know (or care) where you stand on the issue of WikiLeaks – but when vendors refused to accept their online payments and even host their sites; it gave a totally new meaning to “denial of service”.

Again I started to think – are there other reasons a company could decide that they just didn’t want you?  Or in a multi-tenanted SaaS system, what if they just decided that most users wanted to go in a different direction.

What’s the big deal?  We’ve long accepted that software vendors could merge, go out of business or fade away.   But in those cases, we had code escrows and could take the software in house and run it.   It might not be fun.  It might be painful.  We might inevitably have to get a new solution.  But the issue is that we would be on our timetable.

What’s the risk? If Paul Simon was right there are indeed,  “50 ways to leave your lover”.   Are there 50 ways that our SaaS and Cloud providers could leave us?

SaaS and Cloud Computing makes computing a utility. You don’t know what’s under the hood and you don’t need to.  Companies depend on the vendor to get them up and running.  It’s easy to lose the skills you once had and become more dependent on the vendor.  If most forecasts are right, this is exactly what will happen.

Again with the song lyrics – “breaking up is hard to do.”

It can also be costly, in ways that we might not think about when we are starting our relationship.   The real costs are not in the software.   We’ve maintained for sometime that the low price of SaaS or Cloud based solutions and the speed of implementations can make software more of an impulse purchase.   It all happens so fast, we don’t think enough about the future.

If you are anything like me, the killer part of any  breakup was explaining it to friends.  You have to tell the story over and over of how dumb you were to miss the signs.   But at least in the case of romantic relationships most of your friends get behind you and blame your past lover for being a jerk.  Case closed.

In SaaS, we don’t explain that we should have seen the signs to our friends.   We explain it to our clients and our bosses.

In the wake of the Sony disaster, we got a lot more questions about security.  We are not egotistical about this.  We take it very seriously, but I hope we never lose our humility and hard work.

Yet one thing amazes me.  Companies spend a great deal of time trying to ensure that they have fixed all of the “back doors” to entry.  But they leave the front doors wide open.  What do I mean?

Have you done some basic education about how to construct a password that is at least a little bit difficult to guess?

Do you have user names like “Admin” so that you can give a hacker 50% of what it takes to enter your system?

Well, let me ask you this.  Are your employees social media users?  How many of them are using the same passwords for Facebook as for your corporate systems?

Many companies have missed doing the basic and obvious things to ensure their security — all the while spending huge amounts of time and money trying to bolster their technical capabilities.

Don’t get me wrong – we think that every effort towards improved security is a good thing.  We just think that it also starts with a real conversation with your employees about the types of behaviours that can make for effective security.  Good passwords.  Unique and a little more difficult user names.  Not using easy to guess passwords.  And ensuring that you don’t use the same passwords for all systems — and never use the same passwords from your social media usage for your corporate systems.

This is all pretty basic, but you’d be surprised at the number of places where people leave holes in security because they simply don’t understand what constitutes expected behaviour.

If you haven’t drafted a security policy it’s time.   If you have one and you haven’t updated it in a while — it’s also time.  But a policy itself won’t do it.  You need to have conversations with your employees about what they should and should not do.