Hurricane Sandy was an awful, albeit salutary, reminder of the importance of effective IT disaster recovery and business-continuity planning. Whether or not you think the climate scientists are right, Mother Earth is indisputably volatile and unpredictable. Exceptional events do and will continue to occur. As a CFO accountable for enterprise risk, how do you make the best use of cloud computing for risk mitigation?
To date, much of the focus on cloud computing has emphasized the rigors of managing the shift of your systems and infrastructure from the (seemingly) safe harbor of on-premise servers to the (presumably) choppy waters of the hosted cloud. There are a wide range of factors that make this “lift and shift” no trivial task, even without disasters.
But when disasters do come, you’d better be prepared.
Could the Cloud Be Your Next Disaster?
If you’re counting on your cloud provider to be fully responsible for disaster recovery, its disaster-recovery capabilities need to be carefully assessed.
That disaster needn’t be a natural, Sandy-like catastrophe. If your provider drops the ball for whatever reason, its disaster may rapidly become your disaster and indistinguishable (from the perspective of your business) from anything nature can dish out. These misfortunes could range from data loss or corruption to persistent and major infrastructure failures to a significant security breach. And there’s always the possibility that your provider simply goes out of business.
Presumably, you’ve made allowances for these exigencies in your cloud contract.
But if your provider’s services are affected by what insurers call acts of God — wind, earthquake, or flood — and it’s unable to recover quickly or adequately, you may have no choice but to watch and wait, unless you’ve made prior arrangements. Not all providers offer explicit warranties regarding disaster recovery. And the way you define disaster may not be the way your provider defines it. At what point does an extended outage become a disaster? Understanding this is even more relevant given all the new entrants into the cloud market, each with varying levels of maturity and capability.
However, instead of dwelling on what could happen in a disaster, why not focus on using the cloud itself for your disaster recovery?
Could Cloud Be Your Disaster-Recovery Strategy?
According to research firm Ovum, disaster recovery and storage backup top the list of what customers are looking for in infrastructure-as-a-service. Gartner predicts that 30% of midsize companies will use disaster-recovery-as-a-service (DRaaS) by 2014.
Analyst predictions are interesting and can help you understand the context of discussions, but when it comes to your organization, with its specific requirements, knowing what other organizations are doing only helps so much. A deeper dive can illustrate how a cloud service, if chosen and implemented wisely, may have certain advantages over more traditional disaster-recovery options.
DRaaS: Still Not a Settled Issue
There are a number of reasons why the cloud, even given its advantages, may still not be the best choice for your disaster-recovery solution. For instance, not all on-premise legacy or custom systems will work in a cloud environment, so you may have no alternative other than to continue to work with a conventional, noncloud disaster-recovery service, or a collocated data center where you rent space for backup servers and bandwidth. (Bandwidth may be a limitation in a full-blown disaster. Your systems may be up and running but, as everyone tries to access the same network at the same time, due to network congestion they may be inaccessible to your customers.)
There are raft of compelling disaster-recovery solutions in the cloud. In order to make the right decision for their organization, CFOs need to be able to ask the right questions and perform the due diligence commensurate with the decision’s importance. Like most things in life, if the solution seems too good to be true, it probably is — especially if you have an IT ecosystem of significant scale and complexity.
Rob Livingstone, a former CIO, is the author of Navigating Through the Cloud. He runs an IT advisory practice and is also a Fellow at the University of Technology Sydney (UTS), Australia, where he teaches strategy and innovation in UTS’s flagship MBITM program. Visit Rob at www.rob-livingstone.com or e-mail him at [email protected].