Those Clouds Have Rocks!
When I took flying lessons, my instructor would always warn, “watch out for the rocks in those clouds”. What he meant was you might encounter hidden dangers - dangers that pretty much only occur in the clouds.
Similarly, there are a number of hidden dangers when running your business on a cloud-centric IT architecture, whether you are privately developing and managing that infrastructure, utilizing SaaS applications, or cloud-hosted applications. So if your business depends on the cloud, be sure you’re not vulnerable to spinning out of control should you encounter a “rock in the cloud”!
- Uptime: What are the quality of service metrics or guarantees in your service agreement(s)? What is the “worst case” impact on your business if an outage occurs? Keep in mind the outage is not just the hardware/software uptime, but includes response, repair, and test time in the restoration – so if the stated outage is 99.999% you would only lose 5.39 minutes in an year – versus 99.99% which would be 53 minutes! The specific definition of “outage” is important, too. What are the penalties, recourse, and recompense if the outage exceeds the stated level? Finally, how does your business continuation insurance policy cover an outage?
- Security: This is the more obvious “rock”, but an increasingly public and important one to understand. Many security issues surround data-at-rest and data-in-flight, especially outside your physical facility and geographic location – from compliance with data protection laws such as GDPR, or HIPAA, to your own data governance plan and protection from breaches or attack.
- Reliability/Redundancy: What backup plan exist or have been tested? What if your internet access goes down? What if your desktop clients go down (internal network) or get hacked? Two providers for your internet access, with different physical paths to the building, and 4G cellular radio as final fall back are possibilities, but have you tested your fail-over process?
There are certainly tremendous benefits in moving to the cloud – such as the vast investment in R&D that providers such as Amazon, Google and Microsoft are pouring into their offerings, not to mention that of the solution providers.
However, to maximize the benefit, your plan needs to be comprehensive; inclusive of all elements of infrastructure, disaster recovery, business process, management (of every element and level), seamlessness of user interface, data management, governance and security to name just a few. Oftentimes, getting a review of your plan from an outside perspective can help you quickly identify any hidden “rocks in the clouds” and is well worth the extra time or money to save you from “what you don’t know you don’t know”.