How cloud is affecting business continuity solutions

By Paul Evans, Managing Director, Redstor.
 
Cloud Computing has had a drastic impact on businesses and the technology channel. Many organisations are still nervous about offering cloud services but in these new lean times, the allure of being able to pay for only what you need when you need it, the proposition underpinning the Cloud, is gaining traction.

 
In terms of what the cloud can offer, it makes it easier for service providers to offer on demand, off site, flexible and scalable solutions, which from a Business Continuity (BC) point of view is imperative to end users. It allows businesses to carry on easily and quickly after disasters because the cloud allows them to restore data any time anywhere. It also allows people working remotely to access data and if a building has suffered physical damage a company can continue to operate remotely.
 
The majority of cloud service providers are offering some form of business continuity and back up service purely through the nature of their service needing to be highly available and this increases competition for specialist BC service providers and fragment their business somewhat.
 
BC Service providers must ensure they offer online/cloud services at cost effective and scalable pricing models to ensure they stay competitive and secure repeatable income. In addition, many customers are keen to know in which country their data resides in and will want their provider to be hosting 'in-country' due to legal and regulatory issues.
 
Many end-customers are already making steps towards cloud services in using hosted content, email filtering and online CRM services from a number of companies.
 
Moving to a cloud scenario means many of the services will already incorporate an element of BC and DR. As data is stored offsite and hosted by another organisation it means customers utilising cloud services have already replicated their data to a second server and as such created a DR solution, which is an integral part of BC policies.
 
If an organisation already has extensive BC solutions, processes and procedures in place then it can be difficult and very complex to replicate that solution to the cloud. Re-evaluating all solutions may not be necessary because if testing proves the solution is reliable then the added risk in migrating to the cloud might not seem justified.
 
Many providers are now offering virtual DR and BC solutions via the cloud; however these do not include physical sites and hardware. Some providers offer the ability for end users to replicate their key servers and data to their own data centres via the cloud, however not all support end users in the recovery from physical damage to hardware. So it is important to find a supplier that can offer DR facilities and mobile offices for situations such as these. Redstor can provide a full outsourced or hybrid approach depending on the customer circumstances.
 
In terms of what the cloud can offer it is easier for service providers to offer on demand, flexible and scalable solutions, which from a Business Continuity (BC) point of view is imperative to end users. It allows businesses to carry on easily and quickly after disasters because the cloud allows them to restore data any time anywhere. It also allows people working remotely to access data and should a building suffer physical damage a company can continue to operate remotely.
 
The only drawback of these cloud BC services is that there needs to be a clear service level agreement stipulating how long data will be kept. There also needs to be a compromise between the customer and service provider on the agreed down time that the customer can cope with.
 
We have not seen any examples of service providers going out of business or deciding to stop offering services, however if this did happen often the contract will include a section that explains where the customer can request that the data be destroyed after a certain period of time backed up with evidence that this has happened.
 
Very often service providers do not own their own data centres and a number of service providers will resell a particular vendor's product meaning the data may not even need to move as the infrastructure is already there, just the contract changes.
 
Typically many cloud based companies offer their services on a pay as you go basis generating constant repeatable income so there is a certain amount of security and insurance in offering cloud services as they tend to be quite sticky.  Unless the cloud service provider is not offering good service or is not price competitive then it is very rare for a customer to decide to leave a service provider once they have signed a contract.
 
There are three important questions customers should ask of their cloud service providers:
 
1. End users must make sure they are confident their data is securely stored by cloud service providers that it's safe and they are satisfied with the Service Level Agreement they are being offered.
 
Datacentres need to ensure their hardware and encryption levels are appropriate for the type of data and information they are providing services for. The environment and infrastructure must be able to support the security levels and sensitivity of the type of information being stored or accessed via cloud services.
 
2. Customers also need to ask "will the service provider be around tomorrow, next month, next year and where and in which country is my data being stored?" Customers need to know that the company behind their service is robust, has a strong reputation and has a number of years of expertise.
 
3. Potential customers should ask to see testimonials and case studies of customers similar to themselves. They should also ask to see reports on penetration testing and risk assessments of the services as this will help them understand the levels of protection provided by the cloud service provider.
 
Essentially Service Providers need to give customers an outline of their pedigree, stability and profitability as this is evidence of the quality and longevity of their services.
 
There are also accreditations such as FIPS 42 and ISO 9001 that give customers an idea of how secure their data is. If an organisation stores data and information for financial customers then you can be fairly sure the data is safe as the FSA can levy substantial fines on the people responsible for customer data if it is lost or damaged.