The future of Web 2.0 and the web app revolution will hinge on one critical issue — where the data is stored. The advantages of hosted, instantly upgraded, never-have-to-install applications on the web are obvious and many — anyone who has ever struggled with software installation and upgrading knows this intuitively.

But there is a downside that is less obvious to the average person and that is starting to get increasing attention — most web apps, like Gmail and Flickr, require storing your data on somebody else’s servers. This is convenient and saves a lot local disk space, but it puts the security of your data beyond your control and, worse, it puts the ownership of your data potentially beyond your control.

Marshall Kirkpatrick Mike Arringtonshined a spotlight on this issue with respect to photo storage — it turns out the while Flickr will let you share your photos with the world, it won’t let you share those photos with competing web photo apps like upstart Zooomr:

Tate from Zooomr says that the exports are a cost of doing business, that Web 2.0 is where “the roach motel stops” and that Zooomr will always make it easy for their customers to take their data elsewhere. That’s easy to say when you’re the underdog, but the issue does lead to some questions about data portability and web services. Day one of the post-Gates era seems like a good time to consider such questions.

There’s also a NYT article on the web app revolution that raises data storage as one of the key barriers to adoption:

And you must be comfortable with the idea that your addresses, your correspondence and your documents don’t reside on your hard drive in your computer in your home. They are stored at sites controlled by a giant company.

And this is just the consumer side of the issue. Inside the enterprise, the issue becomes more acute — most companies are not going to want their critical data stored outside the corporate firewall — this is the biggest barrier to Google competing with Microsoft for control of business applications. And this is a potential advantage of Microsoft’s stated strategy of making its Live web apps an extension of existing client and server software — the data can still be stored where it has always been stored.

It strikes me that there is a huge opportunity here to create a single point of secure online storage that can be accessed from any web app. The open architecture principles of Web 2.0 (APIs, etc.) would seem to make this approach obvious.

Gdrive perhaps?

I corresponded with Nick Carr on this issue, and he makes some good points about data security:

Companies have long allowed payroll data (pretty sensitive stuff) to sit on service providers’ servers, and lots of them are doing the same with customer data (also extremely sensitive) through, eg, On the consumer side, given individuals’ cluelessness about security and even backups, it’s probably considerably safer for most people to stick their data on an outside company’s servers than to keep it on their own hard drives.

On the corporate side, the outsourcing of data storage depends to some degree on the future of data security legislation. On the consumer side, granted that most people would do better outsourcing the securing of their data, but perceived control, even at the expense of actual security, is also a powerful force.

Nick also comments, “I’m a big advocate of web apps, but that NYT piece today could have been written by Google’s PR department.” Indeed.

Regarding my mis-attribution of the TechCrunch post to Mike Arrington instead of Marshall Kirkpatrick, it’s interesting how easy it was to make that mistake — that’s what happens when the brand becomes synonymous with a person.