As outage horror stories illustrate, CIOs may be overlooking these essential cloud vendor questions

As an increasing number of organizations consider taking on cloud solutions, some real-world examples are emerging on what not to do. These cautionary tales are helping point decision-makers in the right direction when it comes to considering their organization’s path to the cloud.

According to a CIO magazine article titled 8 Questions to Ask Prospective Cloud Vendors, the complexities of cloud can be condensed into a fairly straightforward list.

But when you consider this: The 10 Worst Cloud Outages and What We Can Learn From Them, a list of the 10 worst cloud outages and what lessons they have taught us, one begins to realize that there are deeper considerations CIOs should be taking into account – data storage, redundancy, risk mitigation and security, for example – to fully protect their organization’s data.

Case in point: Google.

Google manages redundant data centers over many geographies and even with data replication in a virtualized environment still suffered an outage.  In order to recover their services, Google had to resort to restoring tape backups to recover member emails and calendars.  This was a very public illustration that the fundamentals of design and continuity aren’t magically implemented when you migrate to a cloud platform.

So what are the deeper questions CIOs should be asking of their cloud vendors?

1.    What are your business continuity/disaster recovery goals and what is your recovery time objective?

Moving into a cloud computing environment, public or private, doesn’t exclude the necessity of having a tested DR plan.  You couldn’t live without it in a client/server environment so you can’t neglect it in the cloud.  And don’t just ask for a vendor’s recovery time objective, ask for each of their third parties’ times to restore services as well and when they were last tested.

2.    Where in the world is my data?

Hacking and data theft happen on a frequent basis.  If you can’t protect your data you should consider legal protections well in advance of theft and making a cloud migration decision.  Question where your data will reside and if it might be moved throughout the world.  Different countries have varied laws regarding data privacy and theft based on the location of a potential theft. The ramifications of such a theft must be considered prior to a migration.

3.    Can you describe the protections within your data centers?

As Intuit found, power outages caused two separate failures of primary and backup systems.  One might think that datacenters surely have redundant power sources and protections, but think again.  Instead of asking to see a vendor’s data center (which is quite impractical), ask for a copy of their SAS70 and/or CICA 5970, read them, and then ask the detailed infrastructure questions you would ask of your own data center managers about how your equipment is protected.

4.    What are your risks, their mitigating factors and the compensating controls from your last risk analysis?

While you might not get a vendor to cough up this information, it is still a great topic for discussion. If they don’t have a good, quick answer there is probably an excellent reason why.  You don’t buy a house without performing an in-head risk or pro-con analysis so why would you move into the cloud environment without doing the same?

This list is obviously not all-inclusive and there are further implications such as cloud security.  Therefore, when considering a cloud-based strategy for your business data it is important to consult an expert in managed services, security, and business continuity prior to making a move. 

Gary Novosel is the Chief Technology Officer for Acrodex 

← Q&A with a Unified Communications Solution Specialist

About Acrodex 

For over 25 years, Acrodex has been a leading provider of strategic IT services for Canadian business. Today, the company is one of Canada’s largest IT solution providers, and provides a full suite of IT services including: IT Architecture and Design, hardware provisioning, software licensing, network & server infrastructure, managed infrastructure support, application development and project management.

Acrodex customers include leading enterprise and medium sized organizations across the country, in such industry segments as the public sector, energy, healthcare, education, and oil and gas. The Acrodex team is comprised of over 600 dedicated IT professionals located in Edmonton, Calgary, Fort McMurray, Toronto, Winnipeg, Regina and Vancouver.

Learn more about Acrodex here.