When consumer backup SaaS provider Carbonite sued its storage vendor, Promise, for systems Carbonite alleges lost customer data, ESG founder and analyst Steve Duplessie wrote a blog post urging enterprise users to ask tough questions of backup service providers to winnow out providers prepared to offer enterprise-level services. Especially, what does your infrastructure look like — what failsafe mechanisms are in place to prevent data loss? and what service level agreements (SLAs) are provided, if any?
When Carbonite backup SaaS rival SpiderOak came along with a pitch for me about how they’re a) more reliable and secure than Carbonite and b) welcoming Carbonite customers with a 20% discount on a year’s service for switching, I decided to try out those questions on them. What followed was an interesting discussion.
SpiderOak CEO Ethan Oberman says SpiderOak, unlike Carbonite, assembles its own storage systems out of commodity servers and disk drives, purchasing individual components and assembling them under the company’s proprietary storage clustering software. “We don’t rely on a third party pre-assembled storage system” as Carbonite did with Promise, Oberman said. But does putting together its own storage systems make SpiderOak’s more reliable? Not necessarily.
(Side note: SpikerOak isn’t alone here. Whale many storage vendors are betting on their future by selling pre-built systems to cloud service providers, the pitch I hear from those service providers is that their service is more reliable/ more secure / better performing because they built it themselves.)
So if we take the claim that home-built is better at face value, let’s say I was a Carbonite user who lost data, and now I’m looking to switch providers. Assuming I haven’t been totally turned off on the idea of SaaS in general, I think I’d still like to see something definitive in writing from my new prospective vendor, regardless of that vendor’s data center architecture, about data loss and what it’s prepared to offer me on that front.
It took quite a while before our conversation today progressed to the point where we could concede that although data loss is highly, highly, highly unlikely, it theoretically can happen. One of the reasons SpiderOak doesn’t address that possibility outright is because it doesn’t want that possibility in users’ minds. “We take this very, very seriously,” Oberman said. “Losing customer data in this market basically means going out of business.”
But as Duplessie put it, “I know things break. What I don’t know is how often they break, or why, and most importantly – what you do about it.”
Oberman said SpiderOak would probably do the right thing and give consumers their money back in the event of their data being lost. “It’s just ethical business practices,” he said. “We stand behind our product.”
Would he put that in writing?
Well, that opened up another can of worms. SpiderOak, Carbonite, and other consumer-grade backup SaaS vendors don’t offer SLAs or even formal written guarantees about data loss, in part, Oberman said, because of a fear of predatory lawsuits in the consumer world. Why these are more prevalent among consumers than among businesses remains unclear to me, but SpikerOak claims that’s what its legal counsel says. Also, it’s not as easy to assign a value to consumer data vs. corporate data attached to billable hours in order to institute hard financial penalties, and SLAs make the whole service more expensive, Oberman claimed.
For its consumer/SOHO service, SpiderOak’s focus is on cost–it charges about $5 to $10 per month. “Those are pretty cheap numbers–so cheap, in fact, that we can’t offer geographic redundancy economically,” he said. To provide SLA-worthy redundancy, the cost of the service would have to go up. This is something SpiderOak is planning to do by this summer with the launch of a new enterprise-focused backup service, which will be about four times more expensive as the current offering.
In the meantime, Oberman suggested that users attracted to the cost but concerned with the reliability of consumer/SOHO services could theoretically treat them like some companies do internet service providers (ISPs), and deploy two or three of the cheaper services for DIY redundancy. “There does seem to be a gap” between expensive fully-redundant enterprise services and cheaper but less resilient consumer/SOHO services in the market right now, he added.