This one is doing the rounds again in various discussion groups, comment forums, and the like. The basic premise is that because New Zealand suffers earthquakes, potential tidal waves, floods, dinosaur attacks, and other natural disasters we shouldn’t build cloud services here in local datacentres. It carries too much risk…
This is one of the “hand grenade risks” that you see every now and again that serves little than to disrupt or slow down an initiative (read FUD). It’s where someone pops up with an unqualified risk that has the perception of being far more likely to happen than reality would dictate. It is similar to people saying, “Whatever you do! Don’t wear shoes! 99.99 % of people who wear shoes are hit by buses!”
So what is the real risk?
New Zealand is prone to natural disaster, as is the rest of the world. In the early 2000’s there was a move for government to build their own datacentres, kind of cloud before cloud became popular, and as part of that thinking a lot of work was done around where the best place to house critical infrastructure was. This was led by AIT at the time and never really went anywhere because they funding just wasn’t really there, which means that the need probably wasn’t there at the time either.
The two answers that they came up with were; somewhere in the far north and somewhere around the large hydro dams in the South Island. Reasonable enough ideas, but the cost of getting infrastructure to those locations would have been prohibitive as well.
Most private or commercial datacentres today are in, or near, one of the large centres. Datacentres of note are in North Shore, south of Auckland CBD, Hamilton, Kapiti, Wellington (CBD, Tawa, Hutt), and Christchurch. Yes, still in Christchurch.
Each of those centres suffers a slightly different risk profile. Auckland has a risk of power and a risk of volcano. Hamilton has a power risk. Kapiti has a tsunami risk. Wellington has connectivity and power risks. Christchurch has, you guessed it, earthquake risks. In fact, all centres to one degree or other have an earthquake risk.
Most private or commercial datacentres have two locations. This means that a client can have production in one site and disaster recovery in a secondary. This mitigates a lot of the risk around natural disaster, providing of course that clients have invested properly in disaster recovery.
So while we have a country, island, that is subject to disasters, the reality is that because the infrastructure is spread around the place physically, actual risk is lowered.
The Myth is that we could avoid that risk by off shoring our data and ICT services. In other words, moving our cloud services to be based out of Australia or some other foreign state. The reality is that this potentially poses more risk than the natural disaster risk within our own borders.
New Zealand has the southern cross fibre ring that joins us to the rest of the world. Theoretically that means that we could cut the cable on one side of the country and continue to operate. Interestingly, Australia has found itself in a position in the past where one half the connection was undergoing maintenance, and down, and a ship put an anchor through the cable on the other side. Bye bye internet. So, rather than having more of a mesh configuration with New Zealand, with multiple telco providers, by getting our service from offshore we have a sole reliance on that cable. One of reasons that everyone started jumping up and down recently when the venture to create a second cable fell through.
Data sovereignty. It is conceivable that data stored in other states is accessible to those states under laws of that particular country. Much noise has been made about the Patriot Act of late. Personally, I think this is less of risk as it could be a case of the horse has bolted. Also, when you consider the sheer amount of data that is created and stored in offshore clouds, you have to wonder how they would process all that to find anything particularly interesting when the bulk of it is probably “Are you at your desk now?” and “Bring some milk home please” and “Are you up for a beer?” and an endless array of chatter about things that are largely irrelevant to everyone except the creator. But, this is still a risk.
Lock in. If all your services are managed by an offshore provider, and a single provider, they could conceivably hold you to ransom. Or, they could go bankrupt, the creditors could rush the company and all the infrastructure be seized. Goodbye service. And yes, this has happened before, recently. A loose example of course, but the shutdown of Megaupload, a cloud based storage service, shows this is possible.
There is a risk to economic development. Keeping services onshore means jobs for residents of New Zealand. Datacentres must be built, telcos must be paid, ICT staff must be employed, projects must be run, services must be changed, and things must be transitioned and improved. All of this adds up to jobs. Now, it is theoretically possible to take every last datacentre, private, public, and government, and transition it to a massive datacentre in Iceland, but you would kill a thriving economy overnight.
Where is safe? Can someone give me a three places in the world where there are no natural disasters?
Now, I’m not advocating either approach, I personally think there is a balance to be struck between both onshore and offshore and the market will figure out what that is over time. What I am saying is that it is a Myth to say that because New Zealand is prone to natural disasters, we should offshore our IT.
The reality is that each service carries a level of importance and the importance of that service need to be measured against the risk of losing it. The more you mitigate the risk, the more it costs you.