Do companies pay a premium for the 'freemium' cloud?

Cloud sitting on laptop with memory stick

On a personal level you probably won't find a bigger advocate for free or, if you'll excuse my lapsing into the tech vernacular for a moment, freemium cloud services.

For those who don't know, freemium is a free model where advanced or upgraded functions come at an additional fee. Just about everyone I know uses Gmail, by way of a very well known example of a free cloud-based service that has passed both the tests of time and trust.

But what about when it comes to the freemium cloud equation for business? Instead of just leaping aboard the no-charge cloud express, every organisation should sit back and ponder just what the true cost of storing data in the free cloud actually might be.

The business advantages are plain to see, and come in the shape of pound signs attached to hardware, software and support issues. Throw in the ability to provide access anywhere on any device mobility, and the deal is as good as done.

Unfortunately, all too often, the glare from the economic and technical hard sell can easily lead to common sense blindness as far as the small business is concerned.

I am focusing on the smaller end of the business scale for one very good reason: no mid-sized or larger organisation would even contemplate the free option. It's only the hard-pressed, hard-up and hard-of-thinking small business sector that flocks to freemium like flies to dung. The smaller the business, the greater the attraction and the more likely they are to end up waist deep in the smelly stuff.

Problem number one comes in the shape of a total lack of any kind of meaningful service level agreement regarding uptime and availability of your data. Actually, scrap that and replace with 'any service level agreement at all'. If access to your data when you need it is important to your business, and there aren't many scenarios I can think of where it wouldn't be, then the free cloud is not for you.

Problem number two is pretty similar, but rather than having access to your data interrupted because the cloud provider has a barfing server up in the ether somewhere how about if the cloud provider ceased to exist?

Even big brands such as Google have been known to close down cloud services that didn't get the reach they expected. Anyone remember the fuss when Google Health gave users a month to sort their data out before the plug was pulled on the service? Not all free services give users that long, some may well just cease to exist overnight and there's precious little you can do about it. And precious little you can do to get your data back if you have not also synchronised it to another free cloud service, or kept an off-cloud backup locally.

OK then, you might argue, so don't trust your data to just any old start-up tempting you with a no-cost or low-cost service. Demand some evidence of a track record in the data storage business, or a business plan that suggests longevity, a brand name that you CAN trust. Anyone see the flaw in that argument yet? Google is a pretty big company, with a pretty good track record and a pretty good business plan. Yet it isn't adverse, as already mentioned, to closing down services that plenty of users have been pretty happy with. It usually calls these 'beta' services, which gives it an easy out. For that reason alone I would avoid any free service which has a beta tag for business purposes, and so should you.

But going with a big brand that has a plan also means you are likely to encounter a hard-sell along the way to upgrade from your free account to a paid for one instead. Indeed, you may well find you have no choice when you hit your data storage limit for example.

Then there's the small matter of privacy, or rather a privacy policy that isn't as flimsy as the average Hollywood movie plot these days. If your data is encrypted, at your end of the line and using your own choice of encryption process before it gets to the cloud, then you might be relatively happy about the security of that data.

If you are the average small business owner looking to save money and leverage the tech experience of others, encryption is unlikely to be on your agenda. At which point the privacy agreement argument comes to the fore again: who can see your data and under what circumstances? If the cloud service stores it in the USA (or even if the parent company itself has offices there), then the not so good old Patriot Act means that law enforcement and government snoops can have a nosy around pretty much at will.

The trouble with all the above is that it all adds up, and when it does the sum of its' parts start to look quite expensive in reality. The more you spread your data around in order to reduce the risk of non-availability then the greater the attack surface becomes and the greater the risk of compromise.

If you opt to use more than one free data store, then the amount of time you have to spend in setting everything up increases along with the complexity of your data storage and synchronisation strategy. Throw in an off-cloud backup and you've just introduced more expense and complexity.

By the time you have done all this due diligence, set up your storage strategies for three back-ups, invested in the necessary hardware, sorted out the encryption process, tested the recovery functionality and so on, well, you might think you would have been better off just paying for your secure cloud storage in the first place. Free, or freemium, is all too often a very false economy...

Davey Winder

Davey is a three-decade veteran technology journalist specialising in cybersecurity and privacy matters and has been a Contributing Editor at PC Pro magazine since the first issue was published in 1994. He's also a Senior Contributor at Forbes, and co-founder of the Forbes Straight Talking Cyber video project that won the ‘Most Educational Content’ category at the 2021 European Cybersecurity Blogger Awards.

Davey has also picked up many other awards over the years, including the Security Serious ‘Cyber Writer of the Year’ title in 2020. As well as being the only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) Davey was also named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro Magazine called ‘Threats to the Internet.’ In 2011 he was honoured with the Enigma Award for a lifetime contribution to IT security journalism which, thankfully, didn’t end his ongoing contributions - or his life for that matter.

You can follow Davey on Twitter @happygeek, or email him at davey@happygeek.com.