The cloud has transformed the way we do business today, improving infrastructure scalability and cost models for everything from software to data storage to disaster recovery. As with any IT solution, however, cloud computing isn’t without its risks.
In 2012, the International Working Group on Cloud Computing Resiliency (IWGCR) claimed that cloud downtime had cost £45 million over five years. Although a new five-year report on cloud outage costs hasn’t yet been released, we do know that application downtime is costing enterprises across the globe an estimated $16 million (approximately £12.9 million) annually.
So how can businesses reap the benefits of the cloud while minimising the risk of downtime? The solution is having the right support. The following steps are key starting points for mitigating cloud risk:
Symantec reported that, in 2015, there was a new zero-day vulnerability discovered every week. Not surprisingly, spear-phishing campaigns targeting employees increased 55%, and ransomware increased 35%.
Technology is constantly evolving to thwart these attacks, but security software cannot be treated as a set-it-and-forget-it solution. It must be complemented with monitoring, patch management and routine maintenance.
The challenge is that nearly half of businesses admit that there is a talent shortage in security. ESG research indicated that 46% of organisations say that, in 2016, they have a “problematic shortage” of cybersecurity skills, while a surprising third (33%) admitted their biggest deficiency was in cloud security specialists. Based on these figures, incident detection and responses to cloud-based cyber threats would undoubtedly be a problem for those organisations, as they have inadequate staff available to manage any cybersecurity risks that may arise.
This is a major problem, as malware infections are commonly the result of inadequate patching, carelessness, misconfiguration, human error or negligence. These errors can have costly ramifications if malware infiltrates the network and corrupts backup data.
As such, businesses might require a managed firewall service that can keep their network secure while freeing up their staff to focus on day-to-day responsibilities. Different organisations will require different levels of support, but one advantage of a cloud-based firewall service is that it is scalable and can be changed to meet ever-increasing demand and usage, both now and into the future.
Regardless of whether cybersecurity is managed in-house or outsourced, it should feature advanced security capabilities such as intrusion detection and prevention, and a safe tunnel for remote employee access. It is imperative that these features integrate with one another to allow for timely incident response or prevention. If data is breached or a system goes down, time is of the essence.
Make a data backup and recovery plan
If an organisation’s facility is impacted, it must have a plan for how to access its data. Businesses using disaster recovery as a service (DRaaS) have the advantage of being able to access their backups from anywhere, even if their primary facility has been affected. As capacity grows, they have the potential to leverage various cloud models – private, community and public cloud – depending on the use case. When recovery is necessary, stored data can be restored to either virtual or physical machines.
What many cloud providers tend to de-emphasise, however, is that while the environment might be available, bandwidth limitations can extend recovery times, especially when recovering a large amount of data and applications. For this reason, many businesses are complementing cloud backups with an on-site storage appliance, which allows data to be recovered within hours or even minutes.
If the business’s facility is impacted, recovering the data stored on the appliance would require either accessing an alternate backup stored at an off-site location or waiting until the business regains access to the facility, assuming it’s still intact.
With the right support, however, a hybrid approach to disaster recovery reduces the overall risk of downtime. Some DRaaS providers, but not all, can assist with recovering the data and applications stored on the appliance through the cloud. Others will provide the appliance but leave maintenance up to the client. The key is to know upfront what level of support the vendor can provide and plan accordingly.
Ensure ongoing monitoring
Even if a business has invested in top-of-the-line cybersecurity solutions and backed up data to multiple targets, the organisation still risks downtime if the entire environment isn’t properly monitored. To assess whether or not a business has the resources required for adequate oversight of the environment, it should consider the following questions:
- Is there any period of time when the environment is unmonitored (e.g. during shift changes or holidays)?
- Do any on-site IT personnel lack the skills required to manage software settings, remediate failures, and so on?
- When considering past downtime events or security threats, were the systems always brought online or the threats mitigated within the required time frame?
The greater the number of yes responses, the greater the risk of downtime. Some businesses might indeed have the resources required for ongoing monitoring. For those that don’t, it is worth considering outsourcing cybersecurity monitoring and DRaaS. Vendors offering these services should provide service level agreements (SLAs), 24/7/365 support and the services of qualified engineers.
Cloud computing offers the potential for greater business agility, but unless a business has the right support, it is all but guaranteed to experience downtime.