I always wondered about the security and outages of cloud applications and how that impacted the decisions of the Enterprise in using Cloud Services. I wonder if anyone thinks about it when signing up for a service. Typically it is low-cost and a small group is signing up for an application, so no one has to worry about it.
I was listening to the Gartner Webinar on this topic recently, one thing stuck out which I never thought about. What if the provider goes out of business? Obviously it does happen even if it is not very often. Most of the applications in the cloud, especially the latest ones, have quite a bit of Enterprise level Data. Does anyone think about their cloud provider going out of business? I am sure we are assuming that the Disaster recovery is the service providers issue. Most of the cloud providers do have this and the chances of outages in the cloud are as good as Enterprise Applications. But if the provider goes out of business what kind of timeline does one get for securing the data and if the data is lost what is the impact and remedy?
I remember my start-up days where as a CTO, I backed up our code and deposited it in a bank vault as part of the source code insurance obligation. The idea is that customers have this software running until they transition out. The customer may not change the code, but they asked for that. All the Enterprises I worked for included a Disaster Recovery (DR) strategy and I remember the drills we had to go through during my DBA days (backup / restore etc.).
The question to ask here is, does your DR strategy include Cloud applications, to mitigate the impact of Partial / Permanent Data Loss, and Service interruptions ?
Some of the sophisticated companies do secure their cloud data through back up and web-services to integrate into their Enterprise Data. But, I have not seen any contingent operating procedure for outages and service interruptions for Cloud Applications. We take it granted that when it is in the cloud, it is always available.
It is imperative to have a plan, if the application holds important data, for outages, security breaches and permanent data loss. If you haven’t classified the cloud data sensitivity and have comprehensive policies for risk mitigation based on the sensitivity, the time to do so is now.
If you are interested in the Gartner Webinar here is one:
Presented by: Jay Heiser