This is the 2nd in a series of articles examining the “myths” of today’s Business Continuity Management industry.
The emergence of “Cloud” technologies in the past decade has created both benefits and risks. Whether simply backing critical data up in the cloud, moving applications there, or implementing a full-fledged DRaaS (Disaster Recovery as a Service) program, it is important to remember Murphy’s “law” that says “Anything that can go wrong, will” supplemented with MacGillicuddy’s corollary: “At the most inopportune time”.
The ‘myth’ in the case of the Cloud is simply set it and forget it. C-suites all over the world have been lulled into the belief that they no longer have IT risks because their data is in The Cloud. It’s not that simple – or that easy. Potential risks in the Cloud are no different than those in a corporate data center: cyber security, data corruption and potential data loss or breach.
Some make the mythological assumption that clouds don’t fail. They do – and more often than you think. A similar assumption is that data in one of the major player’s clouds is immune to failure. The reality is Microsoft, Apple, Verizon, Google, Fujitsu and Adobe Clouds have all had failures. And that’s just in 2015 (so far)!
Unfortunately, we’ve begun to see organizations that have abandoned/shelved their Business Continuity Programs (planning for recovery of Business Processes) because of the Cloud. After all, they claim, if we can never lose our ability to access our critical data, we don’t need to waste time on planning for physical disasters. It defies logic, but it exists nonetheless.
And finally, there is the phenomenon you might call ‘one-way DR’. That’s where there’s a comprehensive plan to shift all user applications to the Cloud in the event of a data center meltdown or infrastructure disruption – but no plan for returning from the Cloud once the disruption is over.
Is the Cloud a viable tool for DR? It could be; perhaps it should be. But that doesn’t absolve DR planners of the need to test their strategy, or plan to pull back operations from the Cloud after the smoke clears. And it certainly isn’t a fool-proof, no-risk, turnkey strategy that allows anyone to throw out their Plans for recovering Business processes and functions. It could mitigate one of the ‘holy trinity’ of BC planning assumptions: Loss of Technology.
There are serious considerations that must be made before (and after) adopting a Cloud DR strategy. As the prevalence of Clouds grows, their reliability may grow with them – along with their security. But for now, don’t believe the myth (propagated mostly by supplier hype) that The Cloud is a substitute for Business Continuity Management and IT Disaster Recovery planning.
The Cloud myth just got busted. Check out the upcoming Myth Buster article next Tuesday which will focus on the Myth of BC Plans for Departments.
