Despite the hype (or perhaps, because of it), many organisations are still wary and unsure of the cloud and whether they should use it because of understandable concerns around issues such as how secure and resilient it is. But adopting cloud-based technologies doesn’t have to be risky or painful and it can bring advantages.
Instant flexibility and capacity
For instance, an accredited Tier 3 data centre is often more secure than the average corporate data centre. Using the cloud also provides organisations with the flexibility of capacity to scale up quickly compared to a traditional data centre, where they would frequently have to buy new hardware to ramp up.
This can be a big advantage for areas like cloud-based disaster recovery. With a back-up of the data, cloud providers can spin up a copy of a server within a shared infrastructure. While in-house data centres may need to bring in additional resources, cloud providers often have the resources available there and then. There is a potential disadvantage in getting the data back again, however, if an organisation has to download terabytes from the cloud.
Data backup is not enough
Assuming that the advantages outweigh the potential pitfalls, there are a number of simple steps an organisation can take to ensure its data is fully protected in the cloud.
First of all, organisations should not rely solely on data back-up to keep vital data safe from disasters. If they do, they could be disappointed. They need to ensure they have a full DR plan in place if they want to ensure business continuity. This means they should have a strategic plan in place to migrate to recovery servers in other locations when a disaster occurs. Additionally, it is important that organisations are aware of how to recover the data and that their users know how to reconnect to the environment.
Keep it local
In terms of where the data is located, there are numerous benefits in choosing a local cloud provider. Knowing data is being held in a data centre in the same country increases an organisation’s confidence that its data is safe and protected. But as well as being reassured by where the data is kept, an organisation needs to be comfortable with how the data is kept by ensuring the cloud provider offers all the protection needed to maintain the safety of the data.
Testing, testing, testing
It may not be enough to take a cloud provider’s word for it. Companies should test their cloud provider’s support a couple of times a year or more to see if the disaster recovery support works as stated. Organisations need to be assured that in the event of a disaster they have full support from the cloud service provider and their data is safe and can be recovered easily.
It also pays for organisations to have a strategic plan in place to carry out regular in-house testing of their own DR solution. Testing it regularly will only give them more confidence in the solution and the peace of mind that the DR plan will work seamlessly when an actual disaster occurs.
Effective DR is vital to business continuity
There is a temptation for organisations to minimise DR and treat it like an insurance premium. But the truth is that an effective DR strategy is much more than that. Any organisation that under-estimates the importance of DR is in danger of failing to appreciate the vital role it plays in its business continuity.
Simply put, without an effective DR strategy, there is no business continuity.
By David Fisk, EMEA Sales Director at Quorum
Bio : David is EMEA Sales Director at Quorum. He is an experienced IT Sales Director with a proven track record developing, mentoring and leading successful sales teams to deliver against quotas of between £4m and £60m p.a. He has an ability to manage demanding, lengthy and complex sales cycles, asking the right questions, involving all relevant stakeholders and managing successfully through to contract completion. David builds excellent customer relationships through integrity, credibility and has being able to articulate business value at all management levels through to blue chip companies.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.