Disaster recovery: Are you prepared for the cloud to clear?
Most of us live with our heads (and devices) in the cloud – without much thought about the potential risks.
As people become more accustomed to our data always being just an internet connection away, we tend to take for granted the complexity of the processes and technology required to make this so.
Rather than being stored in the sky, as the name suggests, cloud data is hosted in servers, in buildings, that travel through cables in the ground. Encased in wires. And metal. And plastic. Vulnerable to earthquakes, floods and fires.
In March last year, a fire at a French data center disrupted many European websites and platforms, while various software and network engineering issues caused a series of AWS outages in December, taking down Slack, Netflix and Disney+ to name a few. Luckily in all these cases, services were quickly restored, but what if they hadn't been? How long could your business last offline, or how many of these outages could it tolerate?
And those are just the "accidental" incidents. Cyber attacks have exploded in the last financial year. The Australian Cyber Security Centre alone received over 67,500 cybercrime reports, an increase of nearly 13% from 2019-20. To put that number in perspective, it represents one cyber attack every eight minutes.
Remember that cybercriminals aren't always criminal actors with financial motives; government agencies can also get in on the act. It doesn't actually matter where your data – or your client's data – was created. If your data somehow ends up being stored in another country, it becomes subject to all of their laws. Mind you, absolutely none of this is to suggest that we should abandon the cloud. It is simply to say that, while you should hope for the best, it will generally pay to also prepare for the worst.
According to Gartner, "Having a cloud exit strategy is like having a disaster recovery strategy: You hope you never need it, but you absolutely should have one.
Why you need a cloud backup plan
Cloud contingency is the end-to-end process of identifying, assessing, monitoring and addressing the risks that your business might well face if it conducts its business in the cloud. An effective cloud contingency strategy is one that will protect your business from unexpected events and allow you to remain flexible in a rapidly changing environment.
While you'll likely be able to manage most events at short notice, in some circumstances, a swift partial or complete exit from your IaaS, PaaS and SaaS-based Cloud Service Provider (CSP) will be required.
Considering the current environment, some key questions to ask are:
- If your CSP doesn't keep pace with regulatory changes your organisation could become non-compliant with critical industry standards. Are you ready to deal with the security and legal issues which may result?
- Your CSP's offerings may be market-leading today, but what about tomorrow? In an environment of constant disruption and innovation, are you sure your CSP's services will keep you ahead of your competition in the long-term?
- Many organisations are currently experiencing profound transformation. Will your CSP be willing and able to meet the changing needs of your customers and staff, and/or support a fundamental shift in your business direction?
- No company is immune to scandal. Are you sure your CSP has the financial strength to weather any storms on the horizon? If your CSP's conduct breached your organisation's core values, would you be able to take swift action to protect your brand?
- These are challenging times for many businesses. Do you trust your CSP to prioritise your long-term relationship over short-term profit?
If any of these questions caused you to pause, Infosys recommends you commence cloud contingency planning processes without delay.
Infosys Consulting has developed an end-to-end Cloud Contingency Framework, so don't hesitate to reach out if you'd like some company on your cloud risk mitigation journey.