Out-Law / Your Daily Need-To-Know

Adobe Creative Cloud outage highlights need for IT contingency provision

Out-Law News | 19 May 2014 | 11:04 am | 3 min. read

The extended outage of Adobe's Creative Cloud suite highlights how quickly such problems can compromise business working environments and "disenfranchise users", a legal expert has said. 

Failures in the Creative Cloud suite, which Reuters said lasted more than 24 hours for some users, also highlights the importance to companies of setting in place contingency plans to ensure critical  business activities can be maintained, should their business be hit by a service outage.

"The outage of Adobe’s Creative Cloud, which relies on cloud-based functionality to provide what should be a seamless environment as users switch between software packages and workstations, is a perfect example of how quickly and seriously an outage can undermine a cloud subscription software model and disenfranchise users," said Paul Haswell of Pinsent Masons, the law firm behind Out-Law.com.

"Productivity software is switching to this model, requiring users to pay subscriptions and maintain a connection to the cloud service to enjoy full functionality," said Haswell. "If that cloud goes down, then users are left wondering what they are paying for, with a compromised working environment, and no concrete guarantee as to when problems will be rectified."

The Creative Cloud suite service subsequently resumed normal operation according to its status page.

According to Reuters, Adobe Systems said late on Thursday that it was working to fix login issues for its Creative Cloud suite, which had 1.84 million paid subscriptions as of February. The status update came more than 24 hours after some users said they were unable to access some of its products. Users around the world were not able to access the Creative Cloud website, the desktop app or make purchases or upgrades, said the news agency.

In a blog post Adobe Systems said that it had identified the cause of the disruption, but it did not specify the cause of the outage, or when it expected services to return to normal. Adobe spokeswoman Vanessa Rios declined to give further details, said Reuters.

Haswell said that the outage highlighted that businesses must consider their contingency options in the event that they are hit by such failures, if they are to maintain critical business functions when hit by software problems outwith their control.

Haswell said: "Users of similar platforms, such as Google Apps, Microsoft’s Office365 or Apple’s iWork for iCloud, should be watching with interest and considering their contingency options if such platforms are used for mission critical activity."

Adobe is the maker of Photoshop and Acrobat software products. Last year, hackers caused a data breach that resulted in the theft of millions of customer email addresses and passwords as well as the source code to some of Adobe's top-selling products, said Reuters. According to the news agency, Rios declined to comment when asked if the service disruption might be connected.

Adobe has been shifting to the web-based subscription service Creative Cloud from a licensing model since 2012. The company offers membership plans for the Creative Cloud suite, which includes Photoshop, Illustrator and Flash software, charging between $30 to $75 a month, said Reuters.

Last month the US-based Atlantic Council think tank called on businesses to address cyber risks to their operations at local level, and take a more holistic approach to risk management in an age when the failure of a major cloud data storage provider or electricity provider could cascade through the international economy.

The think tank, which aims to promote constructive leadership and engagement in international affairs, also called on global leaders to establish a G20+20 Cyber Stability Board, tasked with addressing cyber risks to the international economy in order to guard against a global shock on the scale of the 2008 financial crisis. The proposed board should be made up of leaders of the world's 20 major economies plus 20 or more representatives from major global information and communications technology firms, and possibly cyberspace regulatory authorities, the Atlantic Council said.

The think tank said that its call for a new global cyber stability organisation took a step further an informal proposal by the technology company Microsoft for the establishment of a G20+20 Group made up of global leaders and information and communications firms, designed to draft a set of principles for acceptable behaviour in cyberspace.

In a report carried out jointly with Geneva-based Zurich Insurance, the think tank envisaged a scenario in which a major cloud service provider fails "with everyone's data there on Friday and gone on Monday."

"If that failure cascaded to a major logistics provider or company running critical infrastructure, it could magnify a catastrophic ripple running throughout the real economy in ways difficult to understand , model or predict beforehand," said the report. "Especially if this incident coincided with another, the interaction could cause a crash or collapse of much larger scope, duration and intensity than would seem possible – similar to the series of events that struck the financial system in 2008."

The Atlantic Council report recommended a number of measures companies could take to guard against IT security problems, including consider securing additional alternative power, telecoms and internet service providers which could swing into action in case of emergency.