In my previous perspectives on cloud computing, I addressed some of the realities of cloud costs as well as hybrid and multi-cloud architectures. In the midst of the pandemic, my colleague, Mark Smith, authored a series of perspectives on considerations for business continuity in general, beginning with this look at some of the investments organizations must make to mitigate the risk of business disruptions. In this perspective, I’d like to address some of the realities of business continuity and cloud computing and how they impact the digital technologies of an organization. The cloud can be both advantageous and disadvantageous when it comes to providing business continuity.
Business continuity involves many constituencies, including workers, customers, partners and suppliers. Digital disruptions can come in many forms, including power outages, system outages, ransomware attacks and site disasters such as earthquakes, tornadoes, flood or other calamities. The pandemic was unusual in the sense that the systems could continue to function, but digital disruption occurred because the systems were inaccessible by the constituents they were meant to support since they couldn’t get into the workplace.
The cloud offers some clear advantages, particularly in the situation where disruptions might prevent physical access to the spaces where business is normally conducted. Cloud-based systems can be accessed anywhere. Organizations should ensure that workers and others that need to access systems have the appropriate authentication technologies to access systems remotely and securely. In cases where organizations already support remote workers, this issue has most likely been resolved. Yet, despite the pandemic and its effects, we assert that through 2024, two-thirds of organizations will realize that the digital technology used for operating virtually for business continuity is ineffective in supporting organizational resilience.
The cloud also makes it easier to provide hardware redundancy. In many cases, these capabilities require little or no effort. If an organization is running a workload in the cloud and a failure occurs in the underlying infrastructure, the cloud provider will generally handle it automatically, starting another instance or instances and processing workloads on the new instances. The application must be designed to deal with the temporary disruption, as would be the case in on-premises deployments, but an entire layer of administrative headache associated with identifying and remedying an infrastructure failure is delegated to the cloud provider. The major cloud providers also architect redundancy into cloud storage, eliminating many of the challenges that occur when providing highly available data storage.
However, business continuity is not guaranteed, so organizations should take steps to ensure any disruptions to their business are minimized. Cloud providers can, and have, suffered outages. For example, Amazon Web Services experienced an outage in its Northern Virginia (US-EAST-1) Region last December. Some Microsoft Azure customers experienced failures when trying to access resources hosted in the US-WEST-2 Region, following a power outage. One relatively simple solution is for organizations to create redundant systems across different regions. That way if a particular region goes down, processing can continue in another region. The odds of two regions being down simultaneously are small, but if organizations want to be even more cautious they could replicate your system(s) to a different cloud provider altogether.
Unfortunately, replicating to different regions or different cloud providers doesn’t deal with the scenario where an organization’s internet service is out. Replicating to on-premises infrastructure can help deal with this scenario, but as organizations have become more reliant on cloud components and software-as-a-service (SaaS) applications, they may not be able to install and run some of those components on-premises. However, a robust mobile device strategy could help in this scenario. If applications can be run on phones and tablets, they can continue to access the systems in the cloud.
And what about SaaS applications in general? Organizations should think carefully about whether they want to be completely reliant on a SaaS application provider for business continuity. These application providers can be subject to cloud provider outages. They may suffer their own system outage. For example, Salesforce suffered a significant outage a few years ago as Mark Smith, Ventana Research founder and CEO, described here. More recently, workforce management vendor UKG suffered a ransomware attack, as described here. The point is that organizations should have a business continuity plan in place should the SaaS application become inaccessible.
The focus of this perspective is not to scare organizations away from cloud computing. Rather, it is to ensure that organizations take off the rose-colored glasses when it comes to business continuity and the cloud. There can be a tendency to become overly reliant on cloud providers and SaaS application vendors for business continuity. While the cloud provides inherent advantages for business continuity, organizations can’t entirely abdicate responsibility for business continuity to their vendors. There will likely be events that still manage to cause outages.