In the age of cloud computing, what changes are occurring in Disaster Recovery and Business Continuity Management practices?
It is important to ensure the availability of information by:
- Choosing a reputable cloud provider
- Ensuring best practice when saving documents
Feedback from BCP Builder Community on LinkedIn:
Maintaining your own server
- On-premise availability strategies might be worse off than cloud-based strategies. Especially for a small/mid-sized enterprise which is financially tight fisted and do not have the means to implement their own resiliency or security strategies internally. They may be better off exploring the cloud. Established Cloud Service Providers usually have better resilience metrics as they need to protect many reputable enterprises.
- If you continue with having your own server, the infrastructure will experience financial depreciation and the enterprise will run the following risks in the long term:
- Capex to maintain and upgrade the hardware and software
- Increased risk of growing legacy systems which may introduce security risks and patch incompatibility
- Interoperability issues as new platforms emerge
- Poor utilization of IT resources because realistically not many of an enterprise’s systems/servers are on full load all the time. However, when a new system or major system upgrade is introduced, the business and IT teams will need to purchase new infrastructure
- Maintenance resources which could be better focused on value-driven work
What is the Cloud?
- There is a misconception among many that cloud equals backup. The reality is that cloud storage is simply off-premises. While cloud providers will ensure availability of data in many scenarios, there is still a duty of care on the subscriber. There’s also a whole range of weak points that may restrict your access to data which need to be factored into disaster recovery scenarios. Things like connectivity, latency, and priority.
- There is a pervasive attitude of complacence among some service providers, perhaps because of a sense of overconfidence in cloud features.
- Some clients simply assume availability through lack of understanding when outsourcing to cloud providers or buying in cloud services. Due diligence in supply chains is very important, know what you’re actually getting and where from. Analyze several tiers throughout the chain and match objectives in your contract.
- Moving user data to the cloud can be a quick win for the IT team, replacing some costly and intensive backup routines and technology; effectively making it “someone else’s problem” (provided some obvious diligence and workflows are embedded).
- It is always worth remembering that “cloud computers and storage” is just central processing units and storage area networks in a data center somewhere. Despite all their Business Continuity engineering, there may be service affecting events. You should ensure your service contract includes geo-replication or other data preservation routes.
- Positives: ease of access, from any mobile platform, positive data transfer globally at the touch of a button. During a crisis this enables swift proactive response capability.
- Negatives: data protection, cyber threat.
- Besides choosing a strong and leading cloud provider e.g. Amazon or Microsoft or Google, it is important to understand shared responsibility. Not all components are managed services from the cloud provider. For those cloud providers facilitating infrastructure only, IT users remain responsible for design and usage. This means high availability in design depends on the cloud provider you are using.
- Most of the Enterprise IT deployments are hybrid (Cloud + Private Datacenter) and for this you also need to select a strong connectivity provider between on premise sites and cloud. Non high-availability design in connectivity, can lead to downtime even though your cloud infrastructure remains highly available.
Do you still need hard-copies?
- It is worth considering saving your critical documents/ information like Business Impact Analysis or recovery flows in hard copy as well, at least annually. Hard copies saved in lockable pedestals or at the secondary site with restricted access might save the day.
What about applications?
- There is a wide gap between using cloud services such as Office 365 (SharePoint, Outlook etc.) for user data storage and sharing, and enterprise level cloud adoption for application use.
- Moving enterprise level applications to the cloud for resilience purposes is a viable high-availability route, provided the applications are – or, crucially, can be re-engineered to be – cloud-aware. This can be complex, but can keep organizations running in the event of local site outages.
If you want to increase your Organizational Resilience, start with preparing a Business Continuity Plan and check out BCP Builder’s Business Continuity Planning Templates.