InfoSec-Specific Executive Development for
CISOs and Aspiring Security Leaders.
Live Faculty-led instruction and interactive
labs to build you and your team's InfoSec skills
What are the key differences between public cloud BC/DR and traditional on-premises BC/DR? What role does the cloud provider play in public cloud BC/DR? This piece addresses these specific questions while outlining the main issues to consider when creating
a public cloud BC/DR plan.
Your BC/DR plan should start with an understanding of continuity requirements. A good initial question to ask is: How much downtime and data loss can the business accept? It is not unusual for the initial response to that question to be “none,”
but this is often before the cost and complexity of achieving that is fully assessed.
Once the full costs are understood, businesses discover how long an outage and how extensive a data loss they can endure. Those become their recovery time objective (RTO) and recovery point objective (RPO). This is important because the difference between
an infrastructure that delivers zero downtime and data loss versus one that has more flexibility is technically and financially significant.
Public cloud’s real strength is its technical and commercial flexibility and elasticity, so operating infrastructure that remains always-on may not be the best way to utilize it. However, public cloud may be a viable approach when businesses are
willing to accept some level of downtime and data loss in a BC/DR plan.
To operate BC/DR infrastructure as a platform for quick recovery, key topics to consider include:
READ: The Importance of Supplier Continuity Exercises
The cloud’s flexibility is very attractive. It allows a business to quickly build environments and only pay for what it needs, instead of funding a dormant asset awaiting use. However, if the requirement is for a BC/DR infrastructure that is constantly
operational, this become expensive, and a fixed-cost service may be more appropriate.
Complexity cannot be ignored either. With the cloud, supporting teams must deliver an appropriate platform that is maintained, supported and available in the event of an incident. When it comes to BC/DR, it’s crucial customer organizations fully
understand what they need from the environment and what skills are required to operate it. Once those are defined, they will be in a better position to understand whether public cloud should be part of their BC/DR plan.
The biggest area of difference is the amount of collaboration required. You have to work with the cloud service provider (CSP) or multiple CSPs to get the right plan in place, because in the shared responsibility model, you own the data, but they own
the infrastructure (see Figure 1). Once you fully understand your requirements, you can work with the CSP(s) to build a plan that fits your needs and budget.
The cloud can effectively deal with most issues of traditional BC/DR. Key benefits include:
With all those benefits, it sometimes makes sense from a cost/relationship perspective to do BC/DR within the same provider. This could potentially work if the organization is careful to spread those workloads across zones and watch any data sovereignty
Other organizations decide they are uncomfortable using the same cloud provider for BC/DR and go the multi-cloud route. Challenges in using multi-cloud BC/DR include:
However, some third-party DR-as-a-service (DRaaS) solutions – such as Veeam, Iland and Zerto – bridge multiple clouds, making it far easier to implement a multi-cloud BC/DR strategy. If you’re looking to implement a multi-cloud BC/DR
plan, consider beginning with a smaller scoped proof of concept (POC) before expanding to the rest of your organization. And like all BC/DR plans, regular testing is a must.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.
September 29, 2022
By IANS Faculty
Understand the integration points between information security and enterprise architecture. Find guidance for functional organizational constructs to maintain a solid EA practice.
September 27, 2022
By IANS Research
Learn how to ensure full cyber insurance policy coverage and find 5 tips to help maximize your potential cyber insurance claims.
September 22, 2022
Find information on cyber insurance coverage types along with best practices to choose a cyber insurance carrier and policy for optimal security coverage.