Google has announced this week that they are going to compete with Dropbox and Sugersync by announcing their cloud storage system Google Drive. Many of us use these systems to share home files and photos with friends or a way of backing up our personal data. The system works well in that as soon as a file is saved on our laptop the system saves it off site to the Cloud.
One of our tutors was going off to see a client to do some BIA training. An hour before the first meeting she dropped her computer which refused to boot up. She had been working on a presentation for the workshop down on the train. As she had saved the latest copy she was able to retrieve an up to date copy from the web and then use the client’s computer to play the presentation.
Many organisations are using cloud services instead of hosting the data in house or they are buying software as a service and are paying a monthly fee for use of the software. The advantage is that the software is housed in more resilient data centres than most small or medium organisations can afford and the cloud providers can employ the specialist IT people to manage the systems. Much of the hassle and risk seems to have been taken away. Although the risk seems to be managed elsewhere, as business continuity people I think we should take a little more interest in our cloud providers and understand properly the risk and vulnerabilities of their operations.
This was brought home by a recent email from our cloud Customer Relationship Management (CRM) system provider.
We received an email from our provider stating that their data centre (where our data is stored), was becoming full and that they needed to transfer ours to one of their other data centres, thus resulting in some downtime. I did not think much of this until I received a further email informing me that the transfer was unsuccessful and that they had to move our data back to where it was originally held. Furthermore, I was informed that during this process (moving our data) there had been some indexing problems which they were currently in the process of trying to solve.
The tone and information in the email suddenly and brutally brought home to me the risks associated with cloud computing. Although, if you purchase software as a service or have a cloud provider to store your data, they will probably have better resilience you can afford, but they still suffer from some of the same issues as if you were hosting the data yourself. For example, the movement of data can still go wrong and what seems to be a relatively simple transfer of data can suddenly turn into a major problem. The downside to this is that instead of being part of the same organisation, the IT people and the user are not under the same umbrella therefore making it difficult to have some personal interaction, ask questions and be able to escalate problems. Instead you are just another one of thousands or tens of thousands of anonymous customers. If we were very unlucky, as happened in April 2011 when Amazon had a number of server issues, it was possible that we could have lost our data forever.
Your cloud computing provider should be treated the same as any other supplier and you, or at least your IT people should understand where your data is housed, what backup is in place and how to contact the organisation if there is an on site issue. You should also monitor the company to make sure that if it is having issues such as financial problems that you know early so that you can switch to another provider or retrieve your data before it may become inaccessible. So in conclusion cloud computing has lots of advantages and can make our organisations more resilient, but their use is not risk free and as business continuity people we should investigate and understand those risks.