A recent lawsuit involving WeR1 World Network and CyberLynk Network brings up the issue of ethics, responsibility and danger in the much hyped “Cloud” storage utility that has been agressively pushed by most of the major vendors in recent times.
The gist of the case is that a disgruntled employee of Cyberlynk managed to log back into the Cyberlynk network after he was fired and proceeded to delete about 304GB of data which happened to include an entire season of the TV show called “Zodiac Island” produced by WeR1 network.
That is the ethics part of it, that a former employee was “wicked” enough to delete “…an accumulation of two years of work that included animation artwork and live action video production, with contributions from several hundred people and over three dozen companies in the United States and Asia”. Data he must have known were valuable to another entity who probably had nothing to do with his firing, or did they?
Ordinarily, this would not be a big issue because we will just assume that since this is a service provider, they can just restore the data from backup. Therein lies the “danger” part of the whole situation. Apparently, there were no reliable and complete backups because CyberLynk’s President Adam Hobach supposedly admitted that CyberLynk’s security and backup had failed and it could not recover all the data. Now that is a scary situation for business owners who rely solely on external providers to backup their critical data
Of the 304GB of data deleted, about 65GB was permanently lost, leaving the production company with only snippets of its 14-episode season. WeR1 argues that “[b]ecause this destroyed data includes fragments from each of the 14 episodes, it is now impossible to re-assemble any of the episodes in its entirety”.
My question is, where is the responsibility on the part of WeR1 in all of this? We were taught that “The Data Owner is always ultimately responsible” for their data. It is okay to “go after” a service provider for losing your files on their FTP server, but what happened to due diligence?
Was it too much for WeR1 to make local backups of its own data – given how cheap storage devices are these days? Is it reasonable to assume that there were no formal policies and implemented procedures that would ensure that critical assets were properly protected?
I think it is fair to expect more from a company with “…an accumulation of two years of work that included animation artwork and live action video production, with contributions from several hundred people and over three dozen companies in the United States and Asia”, instead of just relying on the promises of a service provider.
Sadly, WeR1 is representation of the state of many small businesses today, especially those who are “DIYers” and are too busy to follow up with external vendors on the state of their data. The cloud hype is admittedly on full assault mode with all kinds of promises of quick access to data, triple backups and 7 nines etc, but…that does not excuse negligence and laziness on the part of WeR1.
Although this was a case of files on an FTP server, the lesson from this , especially for small business owners, is to look before you leap into “cloud” services – where an external entity has your corporate data in their location whether it’s a web server, database server or just plain files. You have to be sure your “stuff” can be recovered is the servers of your providers go belly up, or a mischievous employee or ex-employee decide to try their hands at “hacking”.
As a small business owner with your data at a remote location, how many times have you asked for a test restore? Never? Well, maybe you should.