All your data are belong to u̶s̶ you

A story about how not to get fucked over by your software contractors

In the late 80’s there was a game exported from Japan to the US. As part of this export the game was translated from Japanese to English… Mostly. In one particularly famous point in the game the phrase, something like “We’ve taken all your bases!” had been translated “All your base are belong to us”

Kind of a funny mistake, but recently we at Sitewards started hearing stories of actual situations in which peoples eCommerce software and infrastructure were being held hostage by companies over some sort of contract dispute or other. These disputes can hold hostage millions of dollars and years worth of labour, in some cases entire business hostage to the contractors demand. This is an extremely difficult position to negotiate out from as a merchant, even to move to another provider to continue the contract.

The inherent information asymmetry

Once the provider is in control of the service they are in a position of tremendous power over you, particularly if the online revenue stream is a significant part of your business. The provider can fail to live up to their obligations under the contract, force changes to the contract or simply dodge questions and construct understanding to ensure that you understand “this project is simply expensive” and not “this provider is incompetent”.

A relationship spirals out of control

However, when deadlines start slipping, or when a service is not performing as expected or when budgets have been far exceeded and communication has not been as up front and honest as it needed to be, both parties in this relationship will start to hold the other accountable, and attempt to bring the situation in some form of control.

It is here where the power asymmetry between the provider and you as the merchant makes it extremely difficult for you to negotiate successfully. You can withhold funds for a service, but in many cases a software provider can switch off that service, and refuse to allow the access required to transport the service from one provider to another. Additionally, even if they do provide some level of access, it may not be enough to have the service performing as well as it was before, and thus makes it more expensive for another provider to manage this service.

Forewarned is forearmed

Your data

Compute infrastructure

  • Virtual machines
  • DNS services
  • Domains
  • Databases
  • Backups

As well as many other types of operational tooling. This is what actually powers the service, and is generally the “ultimate control” over the service.

Version Control

It allows developers go back and forth through the history of development to understand and make decisions, as well as to coordinate their development for releasing the next application version.

Both the application itself and the underlying services (such as those that bring up the compute infrastructure) are often in version control. It is good to have at least an always up to date copy of this, however it is also possible to use a centralised service such as GitHub to remain in 100% control of the version control.

Continuous delivery pipeline

Project documentation

Project or issue management data

That data is more commonly stored in issue management systems such as Jira, GitHub issues or other such tooling. A history of such things is useful when trying to understand the context of a project after a project has been transferred between providers.

Control means responsibility

The safety implications

If you are in control of this tooling you are responsible for the billing associated. Additionally, you immediately become an extremely attractive target for those who would seek to steal that access both to steal your data and to make use of the resources that you have attached to your credit card.

This means that the credentials that you have that give you this access must be kept extremely safe. While they provide you the ultimate access over a given account, you almost never want to use them directly; instead, they’re used only to grant access to others to manage your account. In the case those “ultimate” credentials are compromised there are audit logs that will detail who did what and how, and there is little recourse for you as a merchant having lost 10,000 EU on stolen compute time.

Additional costs

How we at Sitewards balance this issue

Accordingly, by default the most important aspects (the compute infrastructure) are in the control of the merchant, with limited access delegated to us to manage the resources as we deem necessary. Additionally, we make available version control at the merchants request. All of our documentation, delivery and other tooling is expressed in version control — accessing version control means accessing everything that we have in the project. Lastly, we are continually refining how we can make our development process more transparent, which in limited cases includes access to the project management tooling.

We are not perfect at managing this trade-off yet. But, as I hope this post demonstrates, we understand the risks that merchants are faced with and we’re trying to offset this risk as best we can.

In Conclusion

If you are in doubt, ask us at Sitewards.


  • Pascal Brouwers, Daniel Nettleton for early reviews.
  • Tomasz Kaplonski for review and feedback.
  • Cipriano Groenendal for review and feedback.