Business continuity in the cloud: Benefits and planning tips

Benefits of cloud business continuity

There are numerous benefits to using the cloud for business continuity (BC). The most obvious is that on-premises workloads can be configured to fail over to the cloud, substantially reducing an organization's downtime. This enables mission-critical applications to run even if the organization experiences data center issues.

The cloud also simplifies disaster recovery (DR) planning. On-premises continuous data protection offerings can often be configured to write a backup copy to the cloud. This ensures that critical data is replicated to an off-site location where it's protected against disasters that might affect the data center. An organization could also use a cloud-based disaster recovery service, which can be a less expensive and simpler alternative to a custom cloud-based DR offering.

Organizations can use the cloud to scale workloads running on premises. During periods of peak demand, a cloud service can be configured to automatically provision additional VMs to cope with the increased workload.

Similarly, cloud services can help reduce the effect of a DoS attack. Such attacks seek to overwhelm IT resources to the point they are unable to handle normal workloads. Depending on the severity of the attack, workloads can become sluggish or completely unavailable. Because cloud services can scale to meet demand, an organization might be able to use cloud resources to reduce the effect of the attack so business can continue as normal.

Finally, business continuity in the cloud reduces recovery time in the event of a disaster by ensuring that recovery operations can be performed in a minimal amount of time.

What to consider when implementing cloud business continuity

Entire books have been written on what must be considered when planning for business continuity in the cloud. However, there are several things that must be considered above all others.

• Cost. Although the public cloud was once known as an inexpensive alternative to on-premises operations, those savings have become more difficult to realize in recent years. As such, it's important to know how much your BC plan will cost.
• Hardware and software compatibility. Some applications won't work in the cloud, while others will function in the cloud but are too costly to run in that environment.
• Cloud provider's reputation and what they're doing to ensure business continuity. You shouldn't trust your mission-critical workloads to a provider with a reputation for periodic outages or one that could go out of business next week. A reputable provider should offer a service-level agreement that guarantees a minimal level of service.
• Data ownership. Your provider should be transparent about where your data will be stored, and the terms of service should ensure you retain ownership of your own data.
• The cost of getting your data out of the cloud. Most cloud providers charge a data egress fee for any data moved off the cloud. This includes data that is migrated to an organization's own data center or to another cloud. These fees can be quite substantial, so it's important to know how much it will cost to move your data elsewhere. Even if you don't plan to take your data out of the cloud, there are certain backup and recovery operations that can trigger data egress fees. Ensure you're aware of when such fees can be incurred.
• Who is responsible for backing up data and what methods will be used? Most cloud providers have adopted a shared responsibility model in which the provider is responsible for maintaining the underlying infrastructure, and subscribers are responsible for backing up and protecting their own data.
• Cost and availability of support within the cloud. It's important to verify that help will be available in times of crisis, and what that support might cost.
• Security. Check to see if your cloud-based BC plan will undermine security. This is especially true in regulated industries where penalties can be incurred for breaches or violating security best practices.

How to implement a cloud-based business continuity plan

The process of creating a cloud-based BC plan will vary from one organization to the next. However, there are some high-level steps that will be common to most organizations. These steps include:

1. Audit your distributed platform, including all devices, users, software and hardware. It's impossible to develop a cloud-based BC plan unless the organization knows its existing IT footprint.
2. Conduct a risk assessment. To develop an effective BC plan, an organization must identify potential risks to business operations. Although it's impossible to identify and compensate for every conceivable risk, organizations should work to identify and mitigate those risks that are most likely to occur and have an adverse effect on the business.
3. Include cloud services in the business impact analysis (BIA). An organization will most likely perform a BIA for each risk it has identified. Part of this process should include determining the role the cloud can play in reducing or eliminating each risk.
4. Document workarounds. For each identified risk, identify specific cloud services that can be used to ensure ongoing business operations during times of crisis.
5. List all key cloud service contacts. Any BC plan should include contact information for IT staff members, support personnel and cloud service providers that might need to assist you as you shift mission-critical workloads to the cloud.
6. Describe how work will continue if on-premises apps are down and the cloud is still available, and vice versa. Business contingency plans created around the cloud are based on the premise that a catastrophic failure could occur in the organization's own data center, but that cloud services will continue to be available. However, the opposite could also be true. Ensure your contingency plans include situations in which the cloud is down but on-premises operations are still functional.
7. Test all cloud-related parts of the plan. Testing is a key aspect of any BC plan, so don't wait until disaster strikes to find out whether or not the plan works. Plans should be tested, refined and retested early on. It's also important to occasionally retest your plans.