Back when I did a lot of security work, we used to joke around that single sign on should be called "single vulnerability". Maybe single provider cloud models should be called "single point of failure".

Jonathan Feldman, CIO, City of Asheville, NC

June 19, 2009

3 Min Read

Back when I did a lot of security work, we used to joke around that single sign on should be called "single vulnerability". Maybe single provider cloud models should be called "single point of failure".Toodledo went down hard last week . I rely massively on Toodledo to organize my massively complicated work and family life. But I wasn't terribly upset because my data lives in more than one place. I wrote a draft of this blog on the Toodledo site, but I could have easily written it on the equipment that houses the synchronized copy of my notes. The site being down was annoying but not, as we say in the support business, without its workaround.

Friends of mine in the social networking cloud were atwitter on the outage. One friend didn't have his data sync'd elsewhere. Others made snarky comments like, "Good thing Google is gonna support tasks soon". But, did these snarky commentators miss the Google outage in mid-May of this year? The downstream consequences were amusing or catastrophic, depending upon where you sat.

One of my Fancy Pants High Flyin' Analyst™ friends was wringing his hands over what these outages meant for cloud computing. But you don't have to be an expert on the cloud to apply fundamental IT principles to the cloud. These principles all boil down to "plan for failure." All systems fail; interdependent systems fail harder; centralized & monoculture systems fail hardest. Before you leap into Cloud 9, use tried and true IT principles to pack your parachute.

Principle 1: Diversity. No good data center manager would allow the same peer to provide backup links. Consider more than one provider. Providers have "whoops" moments no matter what the hardware redundancy looks like. If you hear the word "never" used in conjunction with failure, ask if your provider employs humans. If they don't, let me know. I've been looking to build my own army of robotic minions.

Principle 2: Backups. IT can sometimes forget that the reason that we do most things -- security, response time tuning, uptime, infrastructure deployment, ERP -- is because of the data. If there's a data loss, it means that IT has failed. Make sure you never rely on a single point of failure (provider or internal) for backups.

Principle 3: Data ownership. Again, it's about the data. You may have more than one location for your backups, but can you read them? Similarly, getting locked into a box canyon closed system means that IT is unable to handle emerging business requirements without being at the mercy of a provider. If there's no API where you can pack up your data and go if the cloud starts to dissapate, you've been sucker-punched into the same barrier to exit that Microsoft erected for desktops in the last century.

Jonathan Feldman is an InformationWeek Analytics contributor who works with IT governance in North Carolina. Comment here or write to him at [email protected]. Read about IT governance at

About the Author(s)

Jonathan Feldman

CIO, City of Asheville, NC

Jonathan Feldman is Chief Information Officer for the City of Asheville, North Carolina, where his business background and work as an InformationWeek columnist have helped him to innovate in government through better practices in business technology, process, and human resources management. Asheville is a rapidly growing and popular city; it has been named a Fodor top travel destination, and is the site of many new breweries, including New Belgium's east coast expansion. During Jonathan's leadership, the City has been recognized nationally and internationally (including the International Economic Development Council New Media, Government Innovation Grant, and the GMIS Best Practices awards) for improving services to citizens and reducing expenses through new practices and technology.  He is active in the IT, startup and open data communities, was named a "Top 100 CIO to follow" by the Huffington Post, and is a co-author of Code For America's book, Beyond Transparency. Learn more about Jonathan at

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights