Amazon and its competitors could do more to protect the data stored in their object storage and block storage, and I can’t think of a reason why they shouldn’t. I have an idea on how they could make a lot of us feel a lot better about storing our data in AWS or S3. It’s simple: don’t let “delete” mean delete, at least not right away.
There are myriad vendors using Amazon and its competitors as the ultimate place to store your data. Amazon replicates it to multiple locations, guards against silent data corruption, and only charges you for what you use. And if I had a dollar for every vendor that told me data stored in Amazon didn’t need to be backed up, I’d be a rich man.
Yes, data in cloud service companies is automatically replicated to multiple locations and can survive a variety of disasters. What this replication isn’t designed to stop is a malicious attack such as someone deleting your account or significant amounts of data within your account. If this happens to you, Amazon will simply remind you that you are supposed to be backing up your data anyway and restoring from such an event is not their responsibility. And I can argue that this should probably be the case. People should be responsible for backing up their own data, and Amazon should be no more liable for its customers’ data than your primary storage vendor is. It’s like installing backup software and never creating a backup job, then complaining that the software didn’t back anything up.
But I think Amazon could make a significant step in this area and maybe even make a buck or two in the process.
Here’s my idea: when someone deletes an account, volume, VM, or object, do it – but cache the deletion. As far as the customer is concerned their VM or object is deleted. But in reality, it’s just put into the deletion pool. It hasn’t gone anywhere. It could stay in this pool for some period of time, like a few days or even a week. This would allow the user to contact Amazon and ask for the data to be put back.
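The deletion pool described above, as an added example that is not part of the original post and not Amazon's implementation: a hypothetical `SoftDeleteStore` whose `delete()` hides the object from the customer but parks it in a pool with a timestamp, whose `restore()` is the support-side recovery path, and whose `purge_expired()` is the background job that really drops data once the retention window (seven days here, a constructed value) has passed. The `FakeClock` lets the window be exercised without waiting.

```python
"""Hypothetical soft-delete object store modelling a 'deletion pool' with a retention window."""
from __future__ import annotations

import time
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class Tombstone:
    """An object parked in the deletion pool, with the time it was deleted."""
    key: str
    data: bytes
    deleted_at: float


class SoftDeleteStore:
    """Object store where delete() parks data for `retention_seconds` before a real purge.

    `clock` is injectable so the retention window can be tested without sleeping.
    """

    def __init__(self, retention_seconds: float, clock: Callable[[], float] = time.time):
        self.retention_seconds = retention_seconds
        self.clock = clock
        self._live: dict[str, bytes] = {}       # what the customer can see
        self._pool: dict[str, Tombstone] = {}   # hidden deletion pool

    def put(self, key: str, data: bytes) -> None:
        self._live[key] = data
        # A re-created key supersedes any pooled copy, so a later restore cannot
        # overwrite fresh data with a stale version.
        self._pool.pop(key, None)

    def get(self, key: str) -> Optional[bytes]:
        # Pooled objects are invisible: from the customer's view they are gone.
        return self._live.get(key)

    def delete(self, key: str) -> bool:
        data = self._live.pop(key, None)
        if data is None:
            return False
        self._pool[key] = Tombstone(key, data, self.clock())
        return True

    def delete_prefix(self, prefix: str) -> int:
        """Model a bulk or whole-account deletion: every live key under `prefix`."""
        keys = [k for k in self._live if k.startswith(prefix)]
        for k in keys:
            self.delete(k)
        return len(keys)

    def restore(self, key: str) -> bool:
        """Support-side recovery: move a pooled object back to live storage."""
        tomb = self._pool.pop(key, None)
        if tomb is None:
            return False  # never existed, or already purged
        self._live[key] = tomb.data
        return True

    def restore_prefix(self, prefix: str) -> int:
        keys = [k for k in self._pool if k.startswith(prefix)]
        for k in keys:
            self.restore(k)
        return len(keys)

    def purge_expired(self) -> list[str]:
        """Background job: permanently drop pooled objects older than the window."""
        now = self.clock()
        expired = [k for k, t in self._pool.items()
                   if now - t.deleted_at >= self.retention_seconds]
        for k in expired:
            del self._pool[k]
        return expired

    def pooled_keys(self) -> list[str]:
        return sorted(self._pool)


class FakeClock:
    """Controllable clock so the retention window can be advanced deterministically."""
    def __init__(self, start: float = 0.0) -> None:
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def walkthrough() -> dict:
    """Constructed scenario: one tenant's account is wiped, support restores it two days later."""
    day = 24 * 3600
    clock = FakeClock()
    store = SoftDeleteStore(retention_seconds=7 * day, clock=clock)
    store.put("acct-1/repo/a", b"source a")
    store.put("acct-1/repo/b", b"source b")
    store.put("acct-2/notes", b"other tenant")
    wiped = store.delete_prefix("acct-1/")            # whole account deleted
    visible_after_delete = store.get("acct-1/repo/a")  # customer sees nothing
    clock.advance(2 * day)
    restored = store.restore_prefix("acct-1/")        # support puts it back
    clock.advance(1 * day)
    store.delete("acct-2/notes")                      # a routine delete, never restored
    clock.advance(8 * day)
    purged = store.purge_expired()                    # only the old, unrestored object goes
    return {
        "wiped": wiped,
        "visible_after_delete": visible_after_delete,
        "restored": restored,
        "data_back": store.get("acct-1/repo/a"),
        "purged": purged,
        "still_pooled": store.pooled_keys(),
    }
```

The two things a customer-facing delete and the real purge must never share are a code path and a clock: `delete()` only writes a tombstone, and only `purge_expired()` frees capacity, so an account-level wipe is reversible until the window closes and the capacity is genuinely returned afterwards.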
Consider, for example, what happened to codespaces.com, where a hacker held the company for ransom with the threat of deleting all of its data. The company didn’t do what the hacker asked, and the hacker proceeded to delete the files in response. Codespaces.com ceased to exist. In my world, that company would just need to contact Amazon tech support and tell them what happened. Amazon could restore the account, change the credentials to protect the customer, and return the instance to full operation.
Here’s the beautiful part: Amazon could even charge a significant amount of money for this. This is the business model that salesforce.com uses. They do back up your instances, but those backups are meant for disaster recovery purposes, not for recovering from a hack or the accidental deletion of a bunch of accounts. But if you contact them, they do have a restore service that starts at $10,000. That’s a lot of money, but I bet codespaces.com would’ve paid it.
I’m trying to imagine a scenario where Amazon having this feature would be against a customer’s best interests. The only one I can come up with is a customer who wants to be able to say “that data is really gone and there’s no way we can get it back.” Since I’m only recommending a cache of a few days, the only scenarios I can come up with for this are companies trying to evade a subpoena or electronic discovery request for data they know will cause them harm. If you’re caught deleting data like that, you’re looking at jail time in a criminal case or an adverse inference instruction in a civil case, so let’s just say it’s not a scenario I’m worried about. As long as normal customers get their capacity back and the data is really deleted a few days later, I don’t see any potential harm to someone who isn’t trying to evade something like this.
An alternative view is to ask why Amazon should be any more liable for your data than a Windows file server. As mentioned earlier, I’m not even suggesting they should be liable. I’m simply saying there’s a business opportunity here for one or more of these companies to provide this as part of their service, and to make money in the process. It would go a long way toward making the public cloud safer for data.