Fake Data Ownership vs Real Data Ownership
When Austen Allred, the CEO of polarizing code boot camp BloomTech, tried to migrate his virtual school off of Slack, he almost learned a $78,000 lesson on the concept of data ownership.
This is hands down the most unacceptable interaction I've ever had as a CEO.
— Austen (@Austen) January 29, 2024
Having paid Slack millions of dollars, exporting our data is failing. We tried a few ways, none of it works.
Slack's response?
"Sign a new contract or your data automatically enters deletion queue." pic.twitter.com/KWS8npiwN7
“In case you’re wondering, the ‘services package’ they are referring to where they would migrate the data for us was quoted at $78,000,” said Allred.
Luckily for him he’s famous (well, he has a whole lot of X followers). That was enough to prompt Slack’s parent company’s CEO, Salesforce’s Marc Benioff, to personally DM Allred, apologize, and solve the problem.
In the replies, Allred’s followers quickly pointed out that not everyone has his level of influence and would have been hopelessly stuck (or out of $78,000) without it.
“Would they have this change of heart if you didn’t have 300K+ followers?” one asked.
“Fortunately I’ll never know :),” Allred replied.
Fake data ownership
Slack’s website claims, “Customer Data (i.e. the messages, content and files that you submit to the Services) is owned and controlled by the Customer.”
Austen Allred might disagree. Many other SaaS customers would, too.
SaaS ecosystems are increasingly abstract, complex, and competitive. It pays to be the “man in the middle,” so if a company can legally say you own and control your data while practically being able to put it into a deletion queue if you don’t re-up with them immediately, many of them will.
Other companies are more secretive about how they use your data. In 2023, Zoom was briefly embroiled in a scandal when it quietly changed its terms of service. The new language suggested that Zoom was using the audio and video data collected from its customers’ calls to train proprietary AI models without an opt-out option.
In fact, you can opt out — by not using Zoom. That’s the opt-out option. The Associated Press reported, “The current terms would not allow the company to tap user-generated content like video and chat for AI training without a customer opting in. However, once a meeting host agrees, other participants would have to leave if they don’t want to consent. The terms also allow Zoom to use other data, including information about user behavior, without additional permission.”
SaaS is a black box
Ultimately, when you rely on the standard SaaS model to conduct business, you’re giving your data away, and you don’t know what will happen to it.
Software and service providers like Blackbaud and Solarwinds have been sued for failing to disclose critical information about customer data stolen in cyberattacks. Other companies, like Carta, have had their employees access customer data (in Carta’s case, confidential cap tables) to boost other business deals.
But if the SaaS model is broken, what’s the alternative?
How to take back control
You don’t have to do everything yourself to take control of your data assets — but you should work with vendors that prioritize your control over their profit.
For starters, as much as possible, partner with vendors who let you self-host or self-manage their applications. This model is a reversal of the typical SaaS engagement and maximizes your control.
- Mattermost is an alternative to Slack that offers “fully self-sovereign infrastructure and complete service control to reduce your risk.” From NASA to Nasdaq, Mattermost is the preferred team collaboration platform for hundreds of enterprises and government agencies.
- Jira Software is the world’s most popular project management tool. It’s available as an Atlassian-hosted cloud service and as “Jira Software Data Center,” a self-hosted instance of Jira for on-prem hardware or your own cloud.
- GitLab is a codebase repository and version control software. Two-thirds of all companies self-hosting Git (the open-source software that powers GitLab under the hood) use GitLab.
Even if you can’t self-host/manage now (perhaps because your organization lacks the engineering resources), choosing vendors like these in the first place — ones that give you that option — makes transitioning to self-hosting/managing later much more viable.
Then, there are companies like Onymos that build their software using a “no-data” architecture model and have zero data access.
Onymos CEO Shiva Nathan explains the concept like this: “Essentially, we provide the libraries or licensed source code for a complete software solution. We designed it all to take the data from your app and put it directly into your data center. It doesn’t have to stop over at an Onymos server or be accessed through an Onymos-hosted portal. We don’t see or access a bit or byte of your data.”
Today, there’s a gap between what the majority of SaaS vendors call “data ownership” and what real ownership actually is, but you don’t have to settle. Companies like Onymos can help you take back control. If you’re rethinking your data management strategy, get in touch with our team.