The growth of the cloud has allowed many an IT department to save money on labor and maintenance costs, avoiding many of the headaches that come with keeping hardware and software up to date. While outsourcing the tasks traditionally done by IT staff to a cloud service provider (CSP (News - Alert)) has many advantages, it does introduce a new problem: dealing with business continuity.
Since many tasks traditionally performed by IT staff are now provided by CSPs, IT management does not have direct control over how often these tasks are performed or even if they are performed at all. Making sure backups are performed on a regular basis alone is not enough. A continuity plan that protects against disasters must also resume operations as quickly and painlessly as possible.
One of the most common mistakes companies make is not only a failure to back data up offsite but to do so far enough offsite to be prepared for a disaster. A company in tornado-prone Oklahoma City would put its data at great risk if it relied on a CSP in nearby Moore, Okla., that did not also have redundant data centers outside the same metro area.
An article in Baseline Magazine refers to a PricewaterhouseCoopers (News - Alert) report that makes several recommendations to companies developing a continuity plan as it relates to their CSP. Companies should assess the business impact of a disruption and determine what level their risk is to data loss in the event of a disaster.
Identifying the vendors most critical to a successful recovery is another important step. What will it cost and how difficult will it be to recover from a disaster when working with a particular vendor? A vendor’s recovery capability must meet the needs of an enterprise customer more precisely and the customer must verify these needs are met. The customer must also ultimately determine how much risk they are willing to take and how much protection they can afford.
Just because many companies have outsourced their IT to the cloud doesn’t mean that accountability has been outsourced too. Protecting enterprise data is still the responsibility of IT management. While IT may not be doing the work, it is IT that must see to it this work is being done. Having a definitive continuity plan and enforcing it will go a long way in protecting data as reliance on CSPs becomes standard practice.
Edited by Rory J. Thompson