In my activity as a certified consultant for business continuity administration, I am frequently asked my opinion about the cloud, specifically:
• If it is reliable
• If I recommend it as a valid option for disaster recovery purposes
Before giving my opinion, I would like to
clearly establish what the cloud is:
• It is NOT a physical destination, nor is it necessarily outsourcing
• In reality it is a new focus of IT and a new model of how IT services are designed, delivered, and managed
• The definition of Cloud Computing published in September 2 011 by the National Institute of Standards and Technology (NIST) is the following: “Model that permits convenient on-demand access
via the internet to a shared collection of computer resources (for example, networks, servers, storage, applications, and services) that can be supplied and opened rapidly with minimum effort of administration or interaction with the service provider.”
We should accept that the cloud is here to stay and should not be treated as a passing fad. The quantity of services we receive daily via the cloud is impressive. Like everything related to technology, we should utilize available resources in accordance with our own specific needs, whether on a personal or business level.
Before deciding to make use of the cloud because it is a fashionable technology, I recommend that you first clearly establish your need and available budget. In order to better evaluate the available options in the market and to determine which one will best meet your needs, it is helpful to complete a cost analysis up front.
Adoption in Latin America
Unfortunately, statistics and market studies (benchmarking) do not yet exist in the Latin American market that permit me to establish objectively the popularity that the Cloud has in our different countries. However, it is my impression that big businesses still view the use of the cloud with a certain suspicion, primarily out of concern for information security. Smaller businesses demonstrate a growing interest in the use of the cloud because it represents a cost savings for them in terms of equipment and software acquisition.
Two very important criteria that we should take into account when making a decision are the reliability and availability of the solution that we want to access through the cloud.
I would like to clarify that personally, I am not a fan of social networking or of any solution that is based on the cloud, because I give great importance to the concept of privacy, both on a personal and business level.
If your services depend greatly on the availability of IT resources, you should consider whether it is always better to be the owner of your own destiny of if it can be left in the hands of a third party. This is often the case with the cloud, which often does not even have a face. Technology does not pledge its word of honor. It will fail at the least
The Cloud as a Recovery Strategy Option
Finally, I will come to my opinion as to whether or not I recommend the cloud as a recovery strategy option for contingencies. When reviewing it as an option, it is important to properly evaluate the pros and cons of adoption. Consider the following:
• Your cloud will be utilizing resources that other users will also be using, so it will be competing for the use of resources.
• As the demand for those resources increases, there will be delays in response time and eventually the possibility will increase that some resources may be saturated and brought to a standstill.
• In order to obtain the benefits that the cloud offers, it is extremely important to establish constant, reliable, and rapid connections.
• When evaluating cloud providers, be sure to revise security and data protection (back up, recovery, and associated services) and maintain hard copies at all times.
• Be sure that all the businesses that you interact with in the cloud protect their—and your—resources.
• Failures are part of life, so do not be overly confident. Resources in the cloud are also vulnerable.
• If your DRP is considering cloud connection as a strategy in case your primary connection fails, be sure to constantly test this option.
• Evaluate your own virtual actions in a contingency scenario including: crisis management committee meetings, crisis communications, and resumption of critical functions.
• If the regulations of your industry are very strict in terms of privacy of information, data storage in the cloud is not an option.
• Do not put sensitive information about your customers in the cloud or any other information that would provide someone else with a competitive advantage if accessed.
• If your business is in the cloud, so are the hackers and data thieves.
• Single point of failure also applies to the cloud. Do a detailed analysis.
• Take into account that there is little or no legislation regarding cloud use and responsibility. If something fails, it will not be easy to take action against the responsible party.
And lastly, remember to always have a plan B ready in case of the failure of Plan A.
Bio: Manuel’s areas of expertise include Business Continuity Management, Crisis Management, Emergency Response and Crisis Communications. He has a BS in Business Administration from the Universidad Nacional Autonoma de Mexico. He is a Certified Business Continuity Professional (CBCP) and a DRI Certified International Instructor. He has been invited as a key note speaker at several international conferences and seminars and has helped Latin American companies in many different industries, including financial, manufacturing, and insurance. He is a member of the Board of Directors of ALCONT (Latin American Association of Continuity), founded in September 2010, and of the Editorial Advisory Council of the DRJ magazine in Spanish (Disaster Recovery Journal), which began operations in November 2011.