2017 in Business Continuity: The Year of the Cloud

Richard Long

In our 2017 recap, we’re paying particular attention to SaaS, IaaS, and DRaaS—and what business continuity and the cloud mean for you.

From a business continuity and disaster recovery point of view, 2017 might go down as the year of natural disasters, but there are some other issues which will probably have longer-term impacts on business continuity.

There were many high-profile disasters, natural and otherwise, but it was our continued shift toward cloud-based computing solutions that had the most significant impact on the world of business continuity and disaster recovery.

In this post, we’ll look back over the year just past, paying particular attention to the explosion in business use of three types of cloud solutions—software as a service (SaaS), infrastructure as a service (IaaS), and disaster recovery as a service (DRaaS)—and to the impact of this change on the practice of business continuity.

We’ll also touch on a few critical problems with cloud-based solutions that surfaced over the course of the year. These issues did not outweigh the many advantages of the cloud solutions, but BC professionals should be cognizant of them and work to address them within their organizations.

2017 saw its fair share of natural and man-made disasters, from the hurricanes in Texas, Florida, and Puerto Rico, to the wildfires in northern and southern California, to various events of violence and terrorism, to the 11-hour power outage at the Atlanta airport.

However, behind the headlines, the big story in the world of business continuity and disaster recovery was the acceleration of the trend of businesses turning to cloud-based solutions for data and computing functions which were formerly run on servers based on their own physical premises.

Several factors have driven the shift, including the robustness and cost efficiency of cloud-based solutions and the desire of many organizations to contract out some functions (such as CRM, HR, and email), enabling them to focus IT resources on their core missions and revenue-generating activities. Some of these services include critical back-end or monitoring functions that support the primary functions, like security or equipment monitoring or financial transaction processing.

From the business continuity perspective, this shift has a lot to recommend it and comparatively little downside, provided you take certain precautions. To use one example among many, businesses that recover to the cloud save themselves the trouble and expense of keeping (rarely used) physical servers and backups in alternate facilities, and the reliability of cloud-based backups is comparable to that of traditional backups.

Software as a Service (SaaS)

Of the three business functions, software as a service (SaaS) was the most widely implemented in 2017. Email was probably the most critical application, with most organizations going with one of the two leading vendors, Microsoft (Office 365) and Google (Gmail). There were also a significant number of businesses turning to the cloud for other types of services, such as customer relationship management (CRM), vendor management, and human resources systems.

Infrastructure as a Service (IaaS)

With infrastructure as a service (IaaS), infrastructure (servers, storage, and some network services) is maintained virtually, in the cloud, rather than physically at one of the organization’s facilities. The two most recognized IaaS providers are probably Amazon Web Services (AWS) and Google Cloud Platform (GCP). IaaS continues to grow in usage as an extension of traditional data centers. From a BC/DR perspective, IT organizations are using it for recovery rather than building out alternate sites. We see that this is especially true for less critical applications and environments.

Disaster Recovery as a Service (DRaaS)

With disaster recovery as a service (DRaaS), instead of recovering to a server at an off-site location managed and administered by the organization, businesses use a third party to manage the backup/replication of servers and recover into the cloud. This saves the organization the burden of maintaining an alternate DR environment. Think of DRaaS as just SaaS for DR. DRaaS gained traction in 2017, with organizations performing small implementations and moving less critical environments before making it the primary solution.

What to Watch For

The most notable issue with these three services is that organizations – including IT teams – often think they no longer need DR when using them. That is not reality. The way you implement DR and BC may be different, but the need remains constant. That way of thinking pushes your DR capability out of your control to a third party who does not understand your business or criticality. And don’t forget that you will be one of many competing clients and priorities.

Also, no matter the type of service used, the “cloud” is still just a bunch of servers and storage running in data centers; we’ve just virtualized everything. It is not magic but software.

If 2017 showed the increasing viability and advantages of cloud-based computing, it also revealed a few important issues where awareness has lagged behind:

  • The rising importance of having a secure, reliable internet connection. The more you rely on the internet, the more reliable your internet connection needs to be.
  • The need to adequately vet cloud services. There is a tendency to assume that everything in the cloud is safe and executed with a high level of professionalism and security. There’s also a tendency for things that are out of sight to go out of mind. Organizations must vet their cloud-service providers just as they would any other business-critical vendor.
  • The pitfalls of shadow IT. It’s so easy these days for departments to set up a server and start running their own apps that many are doing it, often without the knowledge or approval of their organization’s IT department. This adds a lot of complexity to the task of backing up the organization’s data. Achieving successful backups and restoration in the cloud requires that you understand and account for shadow IT network issues at your organization.
  • The need to read the fine print of your DR guarantee. Many SaaS providers make impressive guarantees regarding how quickly they can restore your data and get you back online in the event of an outage. They might guarantee “five-nine” availability (99.999%) or promise to get you back up and running within four hours. The availability and reliability of most SaaS services are excellent. However, if you read the fine print of most SaaS service contracts, you will see that most providers limit their liability to that month’s subscription fee (not the lost costs or revenue) in the event they can’t meet the guarantee. To truly guarantee a high level of availability and speedy recovery time, the organization would have to purchase an additional recovery subscription.

If you and your organization keep these cautions in mind as you move farther into the cloud in 2018, you’ll be able to maximize the benefits of the new technology while minimizing the costs and risks.
