More and more businesses are moving their systems from under the stairs or the back cupboard to a place in the cloud – which in most instances dramatically improves security, reliability and availability. But as organisations seek different and better ways to protect their critical data, they need to be aware of a number of key criteria to ensure businesses are ‘cloud-ready’ before incorporating it into disaster recovery plans. Disaster is always the situation that companies aren’t expecting – or want to think about. While there is no definitive answer that will solve all fiascos, there are ways to avoid being caught out.
Disaster Recovery Vs Business Continuity
Businesses first need to realise that there is a significant difference between Business Continuity and Disaster Recovery when considering their options within the cloud. Understanding this difference, and therefore the end goal, impacts the most suitable use of the cloud.
Disaster Recovery is a process that is enacted in usually more drastic scenarios and can take hours or even days to take effect. Whereas Business Continuity is the ability of an application or service to continue or return to service within minutes or seconds.
Moving a service from self-managed and on-premise to a professionally-run managed service will normally intrinsically improve the business’ Business Continuity capabilities – almost without planning to. This improvement is a by-product of the service provider having to consider the implications of service outages while maintaining adherence to SLAs. Meanwhile, more deliberate efforts are required to improve Disaster Recovery effectiveness. It involves active collaboration between the business and the service provider, which may involve replicating the service in another location in case of a fundamental disaster.
Migrating to the cloud
Some companies use cloud solely as a backup option and on a pay-as-you-go scheme. Setting a server up to run systems from the cloud on an “if needed” basis prepares businesses for a number of data eventualities. It is a reliable, cheap and secure disaster recovery strategy. It is also its distributed and offsite nature that makes the cloud a prime candidate for taking a pivotal role in business continuity and more intense disaster recovery planning. But as good as the cloud is for these purposes, it actually adds another element of risk to the equation that must be mitigated first.
When considering migration to the cloud, the issue of data sovereignty inherently coms to the fore. There are a number of rules surrounding data protection in the EU, and the good news is that they cover the whole of the region. Unfortunately, the European Court of Justice has lifted the safe harbour scheme between ourselves and the US, proposing to replace it with a new Privacy Shield framework. In the interim, most organisations are relying on a mutual non-disclosure agreement (NDA) between themselves and anyone else who gets their hands on their data under the EU agreement. This mutual NDA is essential, particularly if you are using an American company to host your cloud systems and data.
Then there is encryption. Who has the keys to reading your data? The more secure you make it, the harder it is to use. Several people must be aware of how to access the encrypted data to ensure that it’s effectively used day-to-day, and in the case of a disaster.
Finally, whenever business-critical applications and data are moved offsite, the network connection not only comes under greater strain, but its reliability becomes critical. In fact, with cloud as part of a disaster recovery strategy, your network becomes the most critical single component of your organisation’s entire business continuity infrastructure. Build a great cloud on a poor network and you may as well not bother.
Is your network ready for the cloud?
So what are the key components of a cloud-ready network? We consider a network to be cloud-ready if it incorporates the following aspects:
1 - A secure and scalable converged network that is centrally managed
The cloud relies on a robust network infrastructure that is dynamic, secure, scalable, distributed and can be monitored and managed centrally. The network should also be a converged network i.e. all types of traffic – voice, data, video and mobile – should be managed efficiently within the same network.
2 - Built in scalability and redundancy
Scalability to manage the peaks in demand that come from using the cloud, and redundancy in order to keep the lights on if one aspect of the network falls down. A network that is built in this way will also operate on a range of different access technologies (DSL, fibre, Wi-Fi, cellular etc.) in order to further minimise risk.
3 - Virtualised network
With virtualisation, a single “best-of-breed” IP network can be built on a range of different technologies from different suppliers, enabling the organisation to choose the best components to support its business continuity requirements. It facilitates convergence and flexibility, and since you no longer physically own the network, it enables you to shift an even greater proportion of IT costs to the more flexible OpEx model commonly used among cloud suppliers. Lastly, with a virtualisation layer unifying all technical aspects of the network, application developers only have to develop for one infrastructure.
4 - Application performance monitoring
Cloud applications are useless if their performance is so poor that it slows everyone down. This not only damages productivity, but may encourage employees to bypass the cloud altogether and return to on premise applications that are outside of the business continuity infrastructure. The network must therefore be able to monitor the performance of all the applications running on it so that they can be optimised differentially attaching priority for critical application flows accordingly.
Building the right foundations
Moving critical applications to the cloud without a strong and flexible network in place is like building a house with no foundations. Preparing for all disasters is not possible, but attempting to could prevent something that is screamingly obvious. If enterprises fail to ensure their own corporate networks have the right levels of bandwidth, flexibility, latency and security then they will at best never see the benefits of the cloud, and at worst, open up their business to significantly greater operational risk than if they’d remained on premise.