Another Oops for Cloud Services – InfluxDB Halts Service in Belgium/Sydney with Insufficient Customer Notice
In the latest example of “If you don’t own the server you don’t own the data” cloud events, InfluxData recently closed operations in their Belgium and Sydney locations, with apparently woefully inadequate customer notification and follow up. In both instances, users were apparently notified only via email and via the InfluxDB documentation or status website. The hows and whys are a little fuzzy, but suffice to say that InfluxData management made some very unusual decisions to turn off services and delete customer data… with what is overwhelmingly being called “insufficient notice”. It appears that this event may have cost InfluxData some customers, or new customers at least, as they try to dig out from under this fiasco.
In fairness, they did provide notification via their cloud status page, but who looks at that unless there’s an outage or service degradation? You can follow the thread here if you want to see the drama unfold: https://community.influxdata.com/t/getting-weird-results-from-gcp-europe-west1/30615/19
While we are not aware of any security product that uses InfluxDB for it’s cloud database, there are plenty of examples of video and access control products that use cloud based database instances or other cloud dependent services. InfluxData uses Google, Azure, and AWS for it’s hosting services, so this wasn’t a case of a company that suffered a catastrophic site failure or financial bankruptcy issue. This was more likely a financial issue to discontinue services for poor performing areas and focus on better areas. It certainly was well within InfluxData’s rights to do so too, but apparently could’ve been communicated much better. Further, there was no attempt to migrate the user’s data to another region, or even provide backups of the data for user’s to migrate themselves.
Responses from user’s on the support page was scathing, if not somewhat in disbelief too:
Users from the Sydney region weren’t so lucky, as apparently there were no measures taken to be able to restore their data:
All of this is just to say that thousands of business run on cloud services every day, and many of them probably have no idea about what their hosting provider’s service level guarantee or disruption notification policies are. Further, just because your cloud service guarantee they are backing up your data doesn’t mean you shouldn’t be backing it up also… to your own storage.. that you own. If you must use security software in the cloud and store your data there, have a business continuity plan that includes your cloud provider services and the recovery of the data that is stored there.
Now repeat after me, “If you don’t own the server, you don’t own the data”…