The service was out for several hours. As businesses increasingly move towards cloud services, there are new risks that need to be considered, appraised and dealt with. Thinking that a service provider won’t make the occasional mistakes is naive at best and could be disastrous.
The introduction of cloud services has had a number of unintended consequences, not least is the abdication of responsibility when it comes to security and availability.
When IT is run in-house, security policies are applied and there are known parameters relating to availability. Is the data secure, are the systems free from viruses and hardened against hackers. Is the data backed up, if critical is the application clustered and the data replicated?
When moving to a cloud service, it is often assumed that security is done by the service provider and that availability will be 100%. Of course this isn’t the case.
Some providers do offer security and availability options – but it tends to be opt-in rather than opt-out and of course there are additional costs involved.
Without asking the right questions it is often the case that data is stored and an application is run on infrastructure you would never consider appropriate if it was in-house.
Service Level Agreements can offer some compensation for a service that’s down, but probably not as much as your company may lose.
The service being “down” is not necessarily the worst that can happen – the service being corrupted, but going unnoticed is worse. Or what happens if the service provider disappears – along with your data – how quickly can you get up and running on another provider’s service?
There are several resources available to help you make the right choice of cloud service provider including: The Jericho Forum’s Self-Assessment Scheme, the Cloud Security Alliance’s security guidance in cloud computing or ENISA’s cloud computing risk assessment.
Understanding what your happens in the event of a ‘disaster’ is important – how will the provider work to fix the problem. After all how will they know how long it will be to fix the problem.
Cloud based services means greater access to more applications – with the opportunity for suppliers to rapidly add and roll out new functionality giving greater value to you, the customer.
But with the new opportunities come new issues – being aware of the risks and having a contingency plan is essential. Forewarned is forearmed.