Cloud disaster recovery mistakes your organization might be making. (As appeared in Cloud Computing Magazine)
When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment. Approximately 47 percent of customers who go to an e-commerce site while it is down never return. Think of all of the money that was lost with the recent AWS outage! Cloud packages might not check off all of the disaster recovery (DR) points you think they do. Cloud computing is an excellent means to improve a company’s defensive posture against failure, but the cloud that is being used has to have built-in redundancy for local and geographic failure. Geo-redundancy, coupled with intrusion detection/prevention and denial of service attack mitigation capabilities, constitutes a total cloud disaster recovery package.
Many companies that believe they have the “total package” are making a common assumption that we’ve seen made time and again – that can backfire with major consequences. Historically, IT departments backed up their critical systems on tape drives or other media and then if/when a failure occurred they used those tapes to recover the data onto a new system and/or disk drives. However, these backups assumed that an available physical location (like a data center) was there and available; and when there wasn’t, all operations stopped.
The same is true of cloud companies. If a cloud provider uses a single data center with no data replication to other diverse locations, then there is no ability to recover from a geographic event (electrical, Internet based, weather, terrorist, etc.). This is true unless the company also subscribes to services from companies like SunGuard that specialize in providing disaster recovery services by leasing trucks with equipment, providing shared rack space, or providing dedicated rack space. Each of these options carries a hefty price tag (News - Alert). Additionally, the actual success rates when testing them are less than desirable. SunGuard-like solutions when fully tested usually reveal gaps that preclude the test from fully accomplishing the goal.
The next reasonable solution is to work with a cloud provider that uses multiple data centers. However, even this isn’t sufficient, unless that company can also successfully demonstrate the ability to transition the operations from data center A to data center B, and meet the Recovery Time Objective and Recovery Point Objective (RTO and RPO).
The optimal disaster recovery solution is for companies to tie themselves to a cloud provider that can supply not only the benefits of cloud computing (flexibility with compute resources, built in local redundancy, limited to zero IT personnel expense, expertise in DB, networking, firewalls, and intrusion detection and prevention, etc.) but also geo-disaster recovery. When bundling these services, the cost factor can be significantly reduced for the company and the successful testing and execution skyrockets.
If you are a Cx0, it’s not enough these days to think your data is safe because it’s in the cloud. It’s important to pick a provider that covers geo-disaster recovery services and can demonstrate its successes directly with you.
The following are some key questions you can and should discuss with any cloud provider as you consider your options:
- Are you located in more than one part of the country?
- Will the systems be replicated in entirety (operating system and data) to diverse geographic locations?
- Can we test the DR process?
Additional questions that should be asked include:
- Do you have intrusion detection and prevention services natively?
- How will you handle denial of service attacks?
- What additional infrastructure services come with your cloud?
- Database Engineers?
- Network Engineers?
- Firewall Engineers?
- Security Professionals?
If the provider can answer these questions favorably then it’s time to take the next step: ensure strong customer service and uptime are reported and proper certifications are in place.
View original Cloud Computing Magazine article from 3/7/17 here.