Last week, Adobe experienced a major outage of the authentication system that allows users to log in to Adobe Creative Cloud programs including Photoshop, Illustrator, Dreamweaver, and InDesign, among others, and the online support forums for those products. Many businesses, particularly the media, rely on Adobe Creative Cloud for mission-critical uptime, and the outage has caused substantive difficulties for subscribers.

Outage autopsy

At 2:22 PM Pacific time on Wednesday, May 14, 2014, Adobe tweeted that users are unable to log in to its Adobe Creative Cloud accounts. Services were completely restored at 6:06 PM the following day, according to Adobe. Adobe’s post-mortem briefing is light on details, but the company insists the issue is not security-related, but rather that the “failure happened during database maintenance activity.” This is in contrast to the exploit in October 2013 in which product source code and credit card information for at least 38 million subscribers was stolen.

As a result of the outage, the digital version of the UK’s Daily Mail tabloid newspaper, “Mail Plus,” was unavailable Thursday, and access to the Adobe Digital Publishing Suite — a cloud-only service for which no workaround existed — was also unavailable.

The “service” in software-as-a-service

Unlike software-as-a-service (SaaS) offerings from other companies, this is not a case in which the SaaS offering is a cheaper alternative compared to the standalone desktop version. Adobe Creative Cloud is the only means through which users can access the most recent version of programs previously offered in Adobe Creative Suite, such as Photoshop. Adobe announced in May 2013 that no further versions of Adobe Creative Suite would be offered, instead opting to force all users onto the subscription-based Adobe Creative Cloud, to the frustration of users.

It is not the case that users of Creative Cloud are second-tier citizens in this ecosystem; Creative Cloud is intended to be Adobe’s premier ready-for-primetime offering. The difference between the two products is relatively slim — Creative Cloud uses a new, incompatible file format, and offers cloud storage of files, along with some web-based utilities for desktop publishing. Overwhelmingly, the product is the same as it ever was, with the actual computational tasks being handled by the software installed on the user’s computer. As such, the requirement to “log in” to a legitimately purchased program before using any of the cloud-connected services is tantamount to a Digital Rights Management (DRM) scheme.

Support and workarounds

The Adobe chat support line (which experienced longer than normal wait times due to the nature of the outage, causing a strain on the system) recommends users check for solutions to their problems on the Adobe support forums. These forums require logging in with the Adobe ID in order to post, a task which proved impossible with the outage of the authentication services.

Adobe, to its credit, did provide a workaround for most of the products affected by this outage. This workaround, as explained by Adobe, is to disconnect from the internet and restart the program on your computer. However, this workaround highlights the extent to which the license verification DRM is broken. Given that the bulk of the software in Adobe Creative Cloud package is actually desktop software with cloud storage features tacked on, the Adobe Login service isn’t needed for most of the functions that the software provides.

When pirated software is more reliable

The initial workaround to the connectivity issue is to disconnect the computer from the internet and restart the program. Programs such as Photoshop are not dependent on cloud services to apply visual effects to photos. This will continue to work for 30 days since the last verified login to the Adobe authentication server.

Illicit versions of Adobe Creative Cloud defeat the connectivity check by redirecting the cloud login check to the user’s IP, and extending the amount of time that can occur for the next verified login from the Adobe authentication server. (Note: We are not endorsing pirating software.)

My take on what’s needed to prevent more of the same

In an effort to prevent events such as mishandled database maintenance from inhibiting millions of paying customers from using the product, it’s probably necessary to edit the way the license verification scheme works. A more elegant solution would be to extend the 30-day grace period from the last known login, and not require the user to be offline to circumvent the license verification.

A better alternative would be to not conflate cloud storage services and a DRM scheme. The desktop programs in Adobe Creative Cloud do not need cloud processing time to perform its core functions — the programs run from the end-user’s computer. The inability to retrieve remotely stored files on a temporary basis is preferable to being completely unable to use a program because of a critical failure in a database server.

Post your thoughts and experiences

Have you resisted upgrading to Adobe Creative Cloud due to concerns about reliability? Have you faced delays in your project due to the outage of Adobe Creative Cloud? Let us know in the comments.