Business continuity in the cloud: Benefits, issues and tips

What is business continuity in the cloud?

Business continuity (BC) in the cloud does not refer to one product or technology but an organization's ability to quickly recover from various types of business disruptions by using cloud-based resources. These business disruptions might include power outages, cyberattacks or even natural disasters.

The problem with traditional, on-premises infrastructure is that there is almost always a single point of failure. Even if an organization were to make all the infrastructure components used by a particular workload fully redundant, the data center itself could become a single point of failure.

If, for example, a natural disaster were to take the data center offline, then any workloads running within the data center would also go offline, regardless of any redundancy within the data center. The only way to protect against these types of events is to design workloads to fail over to a secondary location. While a workload could fail over to a secondary data center, it is almost always more cost-effective to fail workloads over to the cloud.

5 benefits of business continuity in the cloud

There are numerous benefits to using the cloud for business continuity.

Less downtime

The most obvious benefit to cloud-based business continuity is that on-premises workloads can be configured to fail over to the cloud, substantially reducing an organization's potential for downtime. This enables mission-critical applications to continue running, even if the organization experiences data center issues.

Simplified disaster recovery planning

The cloud also simplifies disaster recovery (DR) planning. On-premises continuous data protection offerings can often be configured to write a backup copy to the cloud. This ensures that critical data is replicated to an off-site location where it's protected against disasters that might affect the data center. An organization could also use a cloud-based disaster recovery service, which can be a less expensive and simpler alternative to a custom cloud-based DR offering.

Increase capacity on demand

Organizations can use the cloud to scale workloads running on-premises. During periods of peak demand, a cloud service can be configured to automatically provision additional VMs to help cope with the increased demand.

Similarly, cloud services can help reduce the effect of a denial-of-service attack. Such attacks seek to overwhelm IT resources to the point that they are unable to handle normal workloads. Depending on the severity of the attack, workloads can become sluggish or completely unavailable. Because cloud services can scale to meet demand, an organization might be able to use cloud resources to reduce the effect of the attack so the business can continue as normal.

Shorter recovery time

Business continuity in the cloud can reduce recovery time in the event of a disaster. In such a situation, an organization would likely fail over to a cloud-based instance of the workload much more quickly than it would be able to perform a traditional recovery.

Geographic redundancy

Finally, the public cloud offers geographic redundancy. This means that while an organization could fail over a workload to a cloud in the same region as the organization's data center, it could just as easily fail over to a different region. This helps to provide insulation against regional natural disasters.

Additionally, many cloud providers enable users to create multiple workload copies, spread across various regions and availability zones. That way, if an organization needs to fail over a workload and the cloud provider is experiencing problems, the workload could be failed over to a different cloud in another region.

How to implement a cloud-based business continuity plan

The process of creating a cloud-based BC plan will vary from one organization to the next. However, there are some high-level steps that will be common to most organizations.

These steps include the following:

1. Audit your distributed platform, including all devices, users, software and hardware. It's impossible to develop a cloud-based BC plan unless the organization knows its existing IT footprint.
2. Conduct a risk assessment. To develop an effective BC plan, an organization must identify potential risks to business operations. Although it's impossible to identify and compensate for every conceivable risk, organizations should conduct a risk assessment to identify and mitigate risks that are most likely to occur and have an adverse effect on the business.
3. Include cloud services in the business impact analysis. An organization will most likely perform a business impact analysis (BIA) for each risk it has identified. Part of this process should include determining the role the cloud can play in reducing or eliminating each risk. At the same time, however, there might be situations in which the cloud resources might increase certain risks or even introduce new risks. Those findings should be a part of the BIA as well.
4. Document workarounds. For each identified risk, determine specific cloud services that can be used to ensure ongoing business operations during crises.
5. List all key cloud service contacts. Any BC plan should include contact information for IT staff members, support personnel and cloud service providers who might need to assist in shifting mission-critical workloads to the cloud.
6. Describe how work will continue if on-premises apps are down but the cloud is still available, and vice versa. BC plans created around the cloud are based on the premise that a catastrophic failure could occur in the organization's own data center, but cloud services will continue to be available. However, the opposite could also be true. Ensure your continuity plans include situations in which the cloud is down but on-premises operations are still functional.
7. Test all cloud-related parts of the plan. Testing is a key aspect of any BC plan, so don't wait until disaster strikes to find out if the plan works. Plans should be tested, refined and retested early on. Remember, testing your plan gives you the opportunity to spot any problems before they show up during a real-life disaster. It also gives you the opportunity to determine how much a real-life failover is likely to cost. Finally, testing might help to identify ways to optimize the infrastructure.

Issues to consider when implementing cloud business continuity

Entire books have been written on what must be considered when planning for business continuity in the cloud. However, there are several things that must be considered above all others.

Ongoing costs

Although the public cloud was once known as an inexpensive alternative to on-premises operations, those savings have become more difficult to realize in recent years. As such, it's important to know how much your BC plan will cost. There will typically be ongoing costs associated with implementing workload redundancy in the cloud, but those costs will likely spike dramatically in the event of a failover. This occurs because the cloud resources suddenly consume far more hardware resources and network bandwidth to support an active workload.

Hardware and software compatibility

Some applications won't work in the cloud, while others will function in the cloud but are too costly to run in that environment. You might also find that certain workloads are not licensed for cloud use.

Your results might vary -- a lot

Although cloud-based redundancy works well for some workloads, it is not practical for others. If, for example, a workload has numerous dependencies on external services and services that run in your data center, then the workload might be extremely sluggish when running in the cloud -- if it even runs at all. This is because of the overhead involved in communicating with the various dependency services.

Cloud provider reputation

You shouldn't entrust your mission-critical workloads to a provider with a reputation for periodic outages or one that could go out of business next week. A reputable provider should offer a financially backed service-level agreement that guarantees a minimum level of service.

Data ownership

Your provider should be transparent about where your data will be stored, and the terms of service should ensure you retain ownership of your own data.

The cost of getting your data out of the cloud

Most cloud providers charge a data egress fee for any data moved off the cloud. This includes data that is migrated to an organization's own data center or to another cloud. These fees are designed to be punitive to discourage migrating away from a cloud, and they can be quite substantial. It's important to know how much it will cost to move your data elsewhere.

Some cloud providers have begun waiving data egress fees when egress operations occur as a part of a disaster recovery event. Even so, there can be significant caveats attached, and it can be easy to end up with a hefty bill.

Even if you don't plan to remove your data from the cloud, certain backup and recovery operations can trigger data egress fees. Make sure you're aware of when such fees can be incurred.

Who is responsible for backups?

Most cloud providers have adopted a shared responsibility model in which the provider is responsible for maintaining the underlying infrastructure and subscribers are responsible for backing up, securing and protecting their own data. Make sure that you have a plan for cloud-based data backups.

Even if the workload that resides in the cloud is nothing more than a replica of what you have on-premises, that replica will begin to accumulate unique data if a failover occurs. You will need to have a way of backing up this unique data to avoid a potential data loss event.

Cost and availability of cloud support

It's important to verify that help will be available in times of crisis, and what that support might cost.

Security

Check to see if your cloud-based BC plan will undermine security. This is especially true in regulated industries where penalties can be incurred for breaches or violating security best practices.

Industry examples of business continuity in cloud computing

Cloud-based business continuity is used across a wide range of industries. Here are some examples of how different industries might use the cloud for business continuity:

• Healthcare. Hospitals might replicate electronic health records to the cloud so that those records will be available during an outage. If, for example, a hospital is hit by a ransomware attack, it can conceivably fail over to the cloud in a matter of minutes and regain access to critical patient health data.
• Financial services. Maintaining uninterrupted operations is critical for organizations providing financial services to customers. Financial organizations that store confidential customer information might geographically disperse this information across different clouds to prevent data loss and provide file access in an outage.
• Manufacturing. Businesses that rely on the supply chain can use the cloud to maintain production continuity. For example, engineers might use the cloud to remotely diagnose equipment issues or rapidly deploy maintenance teams, reducing the risk of downtime.

Brien Posey is a former 22-time Microsoft MVP and a commercial astronaut candidate. In his more than 30 years in IT, he has served as a lead network engineer for the U.S. Department of Defense and a network administrator for some of the largest insurance companies in America.