By Mark Riffey, 7-18-12
You look at those prices for cloud services and think you're getting a deal.
Fact is, you are
. You're hiring a professional staff to run your systems in a very-high-quality environment and paying little for it.
But are you using these cloud services in a way that protects your business?
A Forbes analysis of the Northern Virginia Amazon cloud outage from Friday's storm
doesn't clarify who does / doesn't use the NoVa cloud site vs. who had a better redundancy setup.
Netflix and Instagram are likely re-examining their use of cloud services. I doubt they'll eliminate Amazon as what happened in Northern Virginia can happen anywhere. They'll likely discuss cost-effective means of increasing redundancy that leave them less sensitive to single location failures.
Questions to consider
Redundancy with transparent switchover to backup systems with no data loss is ideal. Do you need that? Can you afford it?
Ask the right questions
when designing your use of cloud services:
- How much downtime are your customers (internal or external) willing to tolerate?
- Do you know what an hour of downtime costs internally (lost productivity, inability to serve customers) and externally (refunds, lost customers).
- Given those costs, how much downtime can we afford?
- What notification mechanisms do you need to have in place to switch? (or is the switch automatic?)
- What do I want to happen when a failure occurs?
- What am I willing to pay for my desired level of redundancy?
- What will a failure that doesn't use this level of redundancy cost my business?
- How do you switch to the redundant system? Is it manual? Transparent?
- Does your vendor offer redundancy? How does it work?
- Are your vendor's redundancy sites geographically dispersed?
- How does my data get replicated?
This really isn't about Amazon. It's necessary to protect your business whether you use Rackspace, Amazon, Microsoft Azure or other cloud services. The key is knowing what you want to happen when a failure occurs and designing it into your processes.
Why not keep it all in-house?
It's tempting to keep your data in-house. It somehow seems cheaper and there's the impression that it's more secure. Evidence indicates locally-hosted data has its own risks
Locally-hosted systems have a single point of failure. I've had clients whose businesses have burned or flooded and others whose servers were stolen. Without a remote location to transition to, you're down. Can your business handle that? If so, for how long?
Security of internal business data is a concern with cloud vendors. High-quality cloud vendors obtain security certifications like SAS70 (financial industry), HIPAA (health care) and PA-DSS (credit cards), which require regular audits to ensure continued compliance. Companies who keep their data internal are subject to them as well - yet they still suffer data loss
Local data storage doesn't allow you to escape expensive HIPAA or PA-DSS compliance if those requirements apply to you. In the financial industry, systems are sometimes subject to examination by the OCC (Office of the Comptroller of the Currency) and/or other agencies. But that doesn't prevent data loss
Regardless of system/data location, security should be designed into business processes rather than added as an afterthought.
Electrical power and internet
Cloud vendors use industrial-class electricity supplies with diesel backup generators. Their investment in these backup systems vary both in capacity and available time-on-generator, so ask for details. A site's ability to run on diesel for two weeks isn't nearly as important as your ability to switch to another facility in two hours...unless they don't have two hours of generator time.
You can (and should) use an uninterruptible power source (UPS, aka battery backup) with automatic voltage regulation (AVR) to protect your local systems, but you're still face internet-related downtime if remote staff/clients need to access locally-stored data.
Cloud vendors have multiple very-high-speed internet providers so that they are not subject to pressure from any single vendor and so that a single vendor's downtime doesn't bring the entire location down. You can do the same, but most small businesses don't. If remote connectivity is critical to your business, it's a smart strategy.
Whether your systems are local, cloud-based or both - plan for what happens when the lights go out. It just might save your business.
[End of article]