Business Continuity
Data protection in the cloud
IT administrators should evaluate platforms and service providers thoroughly to mitigate risks.
by Bob Williamson
The potential for extended storage capacity, scalability and cost benefits associated with cloud computing make transitioning to an on-demand IT services model a compelling solution. IT administrators, however, often remain hesitant to adopt a cloud services model because business continuity and data security are at risk. When data is centralized–as it is in the cloud–a single point of failure is created. If the host system goes down temporarily, or worse, the host provider goes out of business, retrieving company data may be impossible.
Ensuring business continuity and data security is possible with cloud computing services, but IT administrators should evaluate cloud platforms and service providers thoroughly to mitigate the risks associated with moving applications and data into the cloud. With careful selection of the services and attention to which data and applications move to the cloud, companies can use the cloud to minimize capital costs, to streamline operations, for real-time backups of critical IT operations, as well as for off-site data replication and disaster recovery.
The following tips can help administrators choose a cloud computing service provider:
1. Check the provider’s record of meeting customer obligations and understanding the details of service-level agreements is important. Look at the long-term financial viability of the cloud vendor.
2. Be aware of potential issues with storing data in locations that may violate federal, state or local government restrictions for use and transfer of the information. Organizations in the healthcare and government sectors, for example, should adhere to stringent civil and criminal policies associated with information loss and leakage. Such organizations should be particularly diligent in understanding the cloud provider’s terms of service as they decide how and if they are going to adopt a cloud model.
3. Verify details about the provider and its services. Companies should know where their data will be stored and what will happen in case of a disaster. Ask about the cloud providers’ practices and policies. Research the qualifications of the cloud providers’ policymakers, architects, risk-control processes and technical mechanisms. Inquire about the level of testing that has been completed to verify that service and control processes are functioning as intended. Avoid vendors that refuse to provide detailed information on security programs.
4. Know how key information will be recovered. Many cloud providers take incremental snapshots of customers’ data and transmit it over the public Internet to storage facilities. In the event of an actual disaster, however, customers could be left with no data center, no servers and no connection to the Internet.
5. How does the provider replicate data? During disasters, companies need the ability to access the cloud storage with assurance of data integrity across duplicated nodes. Should the cloud provider have an outage at one data center, accessing replicated data at another data center is crucial. Having data replicated from the corporate data center to the cloud is not sufficient; the cloud storage should also be replicated. Commercial disaster-recovery offerings combine the market’s best data and application availability and recovery solutions–services that, essentially, allow companies to replicate entire data centers in real time in the cloud.
Bob Williamson is the executive vice president, product management and business development, at
SteelEye Technology, Menlo Park, Calif.
For more information
(click here)