Vetting and Monitoring Cloud Providers

Set it and forget it? Not if it’s a cloud computing solution on which your enterprise relies for its daily operations. Due diligence in cloud vendor selection and frequent, regular testing are both key components of the overall process. Taking a leaf out of the banks’ book can be instructive in this context. While many banks have recognized the advantages to be gained by using cloud-based resources, they also know that security and reliability are of paramount importance for efficient, uninterrupted business.

The first step in choosing a cloud provider is to find out whether that provider has any particular affinity with your industry sector and whether it observes established industry guidelines. Banks, for example, look for evidence that the cloud provider understands the nature of financial auditing standards like SSAE 16 (Statement on Standards for Attestation Engagements). They want proof that the provider enables them to observe rules concerning the classification and segregation of their data, not just that it provides recoverability.

If the cloud provider profile is the right fit, business continuity and disaster recovery planning follows. Check, for example, the possibilities for co-location of IT resources, and confirm that backups can be restored within recovery time objectives. Testing recovery capabilities once every quarter is a frequency that allows banks and many other commercial entities to maintain confidence in the resilience of their systems. Server data and application restores need to be done in full to make sure systems will continue to work in the event of a business continuity incident.

And last but not least, any cloud provider customer should see net added value from using the cloud resources on offer. Money is the lifeblood of all enterprises, not just banks. Despite the cloud’s reputation for being automatically more cost-effective, some businesses may still find that their own in-house solution, distributed over different sites, works out better. In either case, cloud or in-house, the financial aspects must also be reviewed regularly afterwards. Leave options open where possible to move to a more advantageous configuration if it becomes available.