Five steps to protecting data in the cloud
- Published: Wednesday, 26 August 2015 07:10
Logicalis US says that there is a growing misperception that data that resides in the cloud is automatically protected just because it’s in the cloud. This, the company warns, is absolutely not the case.
“There’s a common misconception that placing your data in the cloud solves all problems, and that’s just not true,” says Eric Brooks, Cloud Services Practice Manager, Logicalis US. “Not all cloud providers are built to accommodate enterprise-level IT needs; many don’t provide the kind of advanced networking, backup or disaster recovery services you would expect to find in an enterprise IT organization. Don’t assume the cloud is somehow magic. When you consume cloud services, it’s critical to know what you are getting. You have to understand what inside of your business is driving the move to the cloud, and whether the services your cloud provider offers align with those business drivers.”
Cloud providers buy the same servers as their customers – just more of them. This means, the same issues a CIO might face in a corporate data center / cen6re regarding backup, disaster recovery and data retention can be amplified within a cloud provider’s environment.
According to Logicalis, the key to securing data in the cloud is to determine what kind of disaster recovery protection a business requires, to communicate that need clearly among key stakeholders in the business and to the company’s cloud provider, and to thoroughly assess the services the cloud provider is able to offer. There are five important steps Logicalis’ experts have identified that can help IT pros do this along the way:
1. Define what you need: Before IT pros can assess a cloud provider’s services, they must define what the business needs. Cloud service providers often say they offer five nines (99.999 percent) of uptime – do you need that kind of availability? Does your business depend on being up 24x7x365? Do you have regulatory requirements or recovery time/recovery point objective (RTO/RPO) needs that have to be addressed by strict service level agreements? Aligning what the provider offers with what the business actually needs and can afford, and communicating that to the business’ key stakeholders is as much a people issue as it is a technology one. They key is to come to the table knowing what you need so expectations can be both defined and delivered.
2. Read the fine print: Enterprise IT pros looking for a bargain often turn to brand-name cloud providers because of cost, but the old adage holds true: You get what you pay for. Economies of scale among the industry’s largest cloud providers can indeed deliver a price break and often times a good value, but the tremendous number of customers they serve can make their offerings somewhat ‘widgetized’; perfectly repeatable services that leave little room for customization. When it comes to more complicated services like backup and data retention that aren’t as easily productized, IT pros need to read the fine print to know just what they are buying.
3. Trust, but verify: Ask for documentation about the people, processes and technologies involved in disaster prevention and disaster recovery. Brand-name cloud providers may house their servers in a Tier 3 data center, but if the technology isn’t in place to replicate your data between two data centers, for example, it can still be lost without a moment’s notice. A robust infrastructure is important, but it doesn’t equal a sound strategy. To be secure in the cloud, you need both. Trust what your cloud provider tells you, but verify that what it offers can and will meet your business’ needs.
4. Test, test, test: There are many different technologies a cloud provider might employ to provide some level of disaster protection, but they are all prone to potential failures. The only sure-fire way to know if your provider’s disaster recovery plan is viable is to test, test and test it again. If a cloud provider tells you they perform routine tests, IT pros have to know what questions to ask: How many tests do you perform each year? Do they test your entire system or just a percentage of it? How many times have their tests been 100 percent successful? With regular testing, you find the kinks in the system – and you create solutions to abate them – before disaster actually strikes. Does your business really rely on uptime? If so, you have to know if you can bring your systems online in another data center if you need to; a lot of these things work in theory much better than in practice, and there is no shortcut to testing.
5. Back it up: Know what you’re protecting against so you know what kind of backup you need to perform. Data replication, for example, has a completely different purpose from data retention. Replication will protect you from a single site failure by making that data available in multiple locations. Retention, however, will protect you against data loss, accidental deletion or corruption of files. Many of the larger cloud providers don’t offer this kind of protection because, on a large scale, it is simply too cumbersome to manage. While their services are valuable to a wide array of customers, cloud services that are built more specifically with the enterprise customer in mind will be most likely to offer this kind of data protection.