Hosting applications on the cloud is a natural progression for many organisations. There are tremendous benefits of cost, scale and flexibility, as well as a wide array of services available that can help companies of all sizes remain competitive. Companies can also take advantage of these services on a pay-as-you-go basis or guaranteed availability, depending upon organisational requirements.
This is especially true for companies based in Singapore, which is emerging as a regional data centre hub for cloud solutions, complete with well-established cloud infrastructure[i]. However, IT managers need to also be aware of some of the associated challenges, and how to prepare for them.
For example, as many hosting providers maintain multiple data centres, IT managers often assume that disaster recovery (DR) is either inherent in the architecture or that it doesn't warrant concern. However, DR preparedness is not the default configuration for most providers who offer cloud storage infrastructure, which merits attention given that a recent survey by EMC found that 71 percent of Asia Pacific and Japan companies experienced electronic data loss or system downtime in the last year.[ii]
It is clear that DR needs to be one of the top priorities for companies and that IT managers who are planning to or already have hosted applications through cloud providers should perform the same DR due-diligence they would for in-house infrastructure. With this in mind, here are five steps that organisations can take to protect their data hosted on the cloud.
1. Assessing the Risks
Cloud data centres are vulnerable to a range of disasters. Some are natural, such as floods, tornadoes or earthquakes. Others are man-made, such as terror attacks. A data centre can fail for technical reasons, or even because of business or other challenges faced by the data centre provider. Some disasters strike a site, others an area or an entire region. IT managers must not only consider the full range of possible risks to a cloud provider, but how they would complete a recovery in each circumstance.
2. Determining Requirements
IT organisations must classify their recovery requirements in the context of the Recovery Point Objective (RPO), the amount of time for which data loss can be tolerated, and Recovery Time Objective (RTO), the maximum tolerable time for recovering the data and bringing the application back online.
RPO and RTO requirements are driven by the cost of downtime. This can include loss of revenue, employee productivity, customer goodwill and/or reputation. Tangible financial losses are the easiest to consider and most directly correlate to the cost of mitigation. Loss of customer goodwill and reputation are less tangible, but just as important.
3. Understanding DR Options
Sign up for CIO Asia eNewsletters.