Friday, January 24, 2014
Cloud Services and Business Continuity
The fact that cloud services are popular deserves no further attention. Plenty is written about that, including elaborate pieces about security and business continuity. However, as much as people are aware that using cloud services may introduce risks to availability, very few realize what the impacts of an outage can be.
Today's gmail outage, as brief as it was, illustrates that.
Corporate IT typically has visibility and control of at most 5% of the entire infrastructure needed to deliver cloud services. A good service provider with extensive vertical integration may control up to about 15%. That still means that the remaining 80% is beyond either party's direct visibility and control.
While these numbers nothing more than a (good) estimate, they reflect something that is a little scary when really considered.
I make it a point to really outline this risk issue during a product selection process, and again at our annual business impact analysis meetings.It is important to make sure that all stakeholders explicitly acknowledge (and accept) the fact that cloud services will be unavailable and that alternative processes must in place to accommodate for that.
For some reasons, many business units are more inclined to believe an external service provider's claim that it must be "your IT department", even when those claims can be countered with proof. Having acknowledgement (and acceptance) of outage risk in writing, whether it is in meeting minutes that have been formally accepted, or in the form of email messages is very useful and may be a career saver.