Would you do your entire disaster recovery in the cloud?
It was the question that Equis, Asia’s largest independent infrastructure and real asset investment management firm, faced.
The Singapore-headquartered company wanted a cloud-based disaster recovery system. But it wanted to do it in the cloud.
The motivations were clear: protect their operations against incidents while enjoying the scalability of cloud.
Lined with misconceptions
While the benefits are clear, the path to cloud or even multicloud is not. Fear, misconceptions, old wive’s tales and the fear of the unknown make it feel perilous.
Sandeep Bhargava, managing director of Asia Pacific Japan (APJ) at Rackspace feels part of the problem lies in our inability to understand cloud or multicloud architectures.
Take disaster recovery as an example. “The need to restore data and infrastructure is often overlooked due to the belief that being in the cloud equals a built-in disaster recovery plan.”
Cloud vendors are not helping when they quote uptime values of over 99.95%. “There is a perception that the cloud never fails, and that the vendor is responsible for all infrastructure and its recovery in the event of a failure,” adds Bhargava.
In truth, vendors and their customers need to get involved. “Like security, a disaster recovery plan requires each part of the team to be prepared for the unseen and unknown,” says Bhargava.
The truth is out there
Bhargava advises that IT leaders should not assume cloud providers are not secure, “but at the same time, they should not also assume that they are completely secure.”
He adds that the cloud platform provider is responsible for securing cloud services, but companies need to ensure that their environment is configured with a “security first mindset,” including how they manage sensitive data.
A multilayered approach to cloud strategy helps. “To minimize cloud risks, organisations need to have a multilayered security strategy across on-premise and multiple clouds to provide detection, response and remediation,” he says.
To develop such an approach, CDOs and CISOs need to work closer. “Chief Information Security Officers (CISOs) will also need to work across more departments in 2020 to ensure that security is not overlooked when innovative solutions and new business processes are introduced,” Bhargava observes.
Steps before cloud security
So how can companies address cloud security? Bhargava shares some insights:
Debunking the multicloud security myth
Bhargava attributes much of what makes multiclouds insecure is a myth.
“More clouds, more problems? This myth centres on the fact that with the increasing complexity of multiple clouds, there is a greater risk of security issues. However, this is not necessarily true if the infrastructure is well managed,” he explains.
Bhargava feels that we should look at multiclouds from an opposing view— “How can a multicloud strategy enable enterprises to be more secure and compliant.”
He sees multicloud security reducing vulnerabilities. “Through the proper utilization of multiple clouds, risks such as the loss of or application downtime due to a localized failure can be mitigated.”
Multiclouds can also help businesses to address data security issues that on-premises can’t.
Take, for example, complying with the General Data Protection Regulation (GDPR) or local data privacy regulations. “The leading cloud providers all have data centres across the globe, so companies that require data for specific workloads to reside within particular national boundaries can easily do so through a multi-cloud strategy,” Bhargava describes.
Maximizing the partner effect
It is what Equis did. They engaged Rackspace’s Professional Services team to build a tailor-made, cloud-based disaster recovery system.
The move assured that Equis’ operations will continue when an incident occurs as the new disaster recovery system “can deliver recovery point objective (RPO) and recovery time objective (RTO) by over 80%.”
Equis’ move also highlights the value of engaging a managed service provider.
“These digital business and IT opportunities can be seized through the help of a strategic partner. The right partner can accelerate a business’s digital transformation journey, providing guidance through the maze of confusing and conflicting cloud platform claims and value propositions,” Bhargava adds.
Photo credit: iStockphoto/Sonsedska