November 7, 2014 | Written by: Mike Puldy
Share this post:
I was browsing my twitter feed recently, and I ran across a CloudEndure-sponsored survey on public cloud disaster recovery. The survey reported that the top four cloud risks were application bugs, network failures, human errors and cloud provider downtime.
The first three risks commonly crop up in most risk and resiliency surveys, including IBM’s annual surveys on IT risk. Yet, this is first time I’ve seen the concern “cloud provider downtime” raised as a bona fide risk.
The survey also reported that 54 percent of organizations have experienced a cloud outage in the last three months. The actual operating business or the cloud provider could have been responsible for the outages. Either way, the outage percentage seems quite high.
This brings me to my first issue: Many cloud providers focus on providing a highly available data center, but how many provide service levels around their availability. Will these cloud providers build these commitments into their contracts? Also, do these providers track their availability, and can they advise you on what types of outages they have experienced?
(Related: An interview with IBM Security GM Brendan Hannigan)
Let’s face it: No one in this business is fully exempt from an availability issue. So much of the data needed to run a business is in constant motion. So many parts of a business can come crashing to a halt when there is a disruption to this continuous flow of information. Even an organization that demonstrates a full commitment to availability has the potential to be down for at least five minutes a year, or statistically longer.
There are many examples of outages where providers have taken down their client, and t’s an easy web search to realize that many strong brands need to do more to protect their brand image and improve their cloud resiliency.
That brings me to my second issue: Too many businesses are eager to jump on the cloud bandwagon while the idea of resiliency is secondary, or doesn’t crop up at all, until the business experiences an outage.
The beauty of operating on the cloud is that a business can ramp up or ramp down their capacity, and subsequently their costs, very quickly. Provisioning is incredibly simple, and the flexibility of control and access is equally powerful. Still, there’s a dark side: Getting started is easy, but if you want resiliency thenk you need to build it in.
And while basic techniques like once-a-day point-in-time backups are easy to perform, and most cloud providers have these simple tools available on their provisioning menu, performing an actual recovery could range from hard to impossible. Moreover, for businesses with mission critical cloud applications, once-a-day backups may not be sufficient for both applications and stakeholders who require recovery times measured in minutes versus hours or days.
(Related: The hard realities of cloud security)
And thus issue number three: Building continuity and resiliency into your cloud solution requires serious thought and a defined strategy. For example, how current does your data need to be at time of disaster? And how fast do you need to get your operation back in business when disaster strikes?
On the back end lies the resiliency, or recovery centers, where cloud technologies are available to protect production clouds. These resiliency centers are the places where the clouds reside.
In the last 30 days, IBM opened our two newest cloud resiliency data centers in Raleigh, North Carolina, and Mumbai, India. It was very exciting to be personally involved with both from conception to completion. Both locations were built with the requirements of high availability, and a cloud virtualized infrastructure dedicated to recovery, at the cornerstone of their construction.
This brings me back to those four major risks of running your business in the cloud. What is the risk of an outage versus the cost of mitigating that possibility?
Ensuring a continuous operation will always cost something, and most businesses believe a do-it-yourself approach will save money. Regardless, the key point is the single act of placing a workload in the cloud doesn’t solve the resiliency question. Every enterprise must still decide what to protect, how to protect it, and then execute on the plan.
More than ever, business resilience is becoming a competitive advantage rather than a technical solution with a cost. I see many of my clients going to their clients and leveraging their business resiliency strategy as a proof point on why they are different and better.
The cloud enables companies to inexpensively and quickly grow their businesses in the expanding data universe. Clearly, this is a key reason why so many businesses are flocking to the cloud.
But building a cloud-based business is only half the battle. Too many companies ignore the need to also install a holistic resiliency program. Like an ostrich sticking its head in a hole, building resiliency is easily ignored because it is a challenging and evolutionary process, which requires significant capital investment in conjunction with specialized IT skills and expertise.
Either way, don’t forget your raincoat and umbrella on your way to the cloud.