Business continuity and the cloud: Storm warning
“Cloud services are proliferating because they offer employees tremendous flexibility—the explosion in the use of smartphones and tablets creates a tremendous need for anywhere/ anytime access to applications,” says Peter Westcott, business continuity management advisor at ContinuitySA. “The cloud is great for productivity but it could be a security and business-continuity disaster if not handled correctly.”
The growth in data spend at the expense of voice is testimony to the growing use of mobile devices to perform data-intensive work, empowered by sophisticated (and ever-cheaper) devices. According to World Wide Worx’s The mobile Internet in South Africa 2012, the average user has increased spend on data by 50 percent over the preceding 18 months.
“Spend on data is a barometer for the rapid increase both in the number of Internet users in South Africa and in the intensity with which experienced users engage with the Internet,” says Arthur Goldstuck, managing director of World Wide Worx.
Westcott argues that many employees are using third-party cloud services (the public cloud) unilaterally because their corporate IT departments are simply not providing the support their working habits now require. This may result in corporate data being shared between project team members via a service like Dropbox, for example. He points out that this means that corporate data is being held by a third party under the custodianship of a person who might meanwhile have left the company or who is only a contractor—a likely scenario given the fluid organisational structures of the modern corporation.
Even when the IT department is involved in moving applications or other portions of the corporate IT into the cloud, the motivation is often to stretch IT budgets with too little thought given to data security.
Westcott notes that to provide for adequate business continuity, companies should consider using two cloud providers, with the data and application synchronised between the two. “It’s vital that you research each provider carefully to ensure that their physical hosting infrastructure is located in different geographic regions—you don’t want your backup to be located in the same data centre!” he advises.
Westcott argues that loss of control over one’s data should remain a key concern for companies using the cloud, particularly given the current and pending legislation relating to data protection and risk. He points out that public cloud providers are typically very large organisations that offer no service level agreements—and that when a problem occurs, just finding a human to deal with it can be a challenge. And, as the Snowden case has revealed, public cloud providers offer no protection against intrusive government oversight of the data stored on their systems.
The real solution, Westcott believes, is to retain control of one’s data while taking advantage of the cost and productivity benefits of the cloud model. He points out that there are numerous open-source tools that can be used to create a private cloud with all the services needed by employees. One example is ownCloud, which provides the same functionality as Dropbox but with data hosting controlled by the company. .
“IT departments have to raise their games, and position themselves to provide cloud services to employees, so that there is no need to look at potentially unsafe public cloud services,” he says. “By creating a private cloud—which could be hosted in a third-party data centre—the company could provide its employees with the tools they need and get the cost benefits while retaining control of its important data and ensuring that proper business continuity measures are in place.”