Is Trusting Big Cloud with Your DR Strategy a Recipe for Disaster?

big cloud

As part of Solutions Review’s Premium Content Series—a collection of contributed columns written by industry experts in maturing software categories— Adam Stern of Infinitely Virtual breaks down why you should diversify your disaster recovery strategy and not put all your eggs in one Big Cloud basket.

SR - Premium ContentIn the cloud, no one can hear you scream about promises made and not kept.

Cloud migration is typically a deliberative process, meaning that it’s all about caution and iteration and the expectation that once you’ve identified partners and configured a solution, you have a vested interest in letting things play out.  Sunk costs, after all, are both financial and temporal.

I’m a big believer in cloud diversification. Embrace Big Cloud for sure, but leave yourself some significant wiggle room. Cloud diversification is simply a smart strategy for managing the unknown. By ensuring that not all of your eggs are in Amazon’s basket (or Microsoft’s or Google’s), you can exert control over a disaster recovery (DR) environment or a secondary data center– you can hold tight to a literal security blanket. Retaining some level of autonomy while working with a more prominent cloud provider can be a best-of-both-worlds scenario, assuming you simplify as you diversify.

Which is why it’s fortunate cloud migration is not all or nothing, not a one-and-done process, particularly where DR is concerned. It’s about leaving your organization room to maneuver — doing your due diligence in finding and deploying a solution set and a proven provider, but simultaneously ensuring that you’re not locked out; you’re not captive to an organization that knows neither your name nor your business. And may not be there for you in your hour of greatest need. That’s not hyperbole so much as recognizing the fundamental imperatives of the business. DR is largely about showing up– being there, hand-holding, and serving as a genuine IT partner when it matters most. Capabilities that tend not to be in Big Cloud’s CV.

As Ojasvi Nath of Spiceworks.com puts it, “the purpose of disaster recovery strategies is to allow an organization to restore access to vital systems and IT infrastructure post-disaster quickly. Companies generally conduct an in-depth review of their systems and produce a formal document to obey in moments of emergency to prepare for this. Cloud disaster recovery is less complicated than disaster recovery on-premise; companies may combine and permute numerous recovery strategies without sacrificing the services they demand.“

So, by all means, decouple your Big Cloud partner from the mechanics of disaster recovery. Your partner won’t take it personally; indeed, it’ll be completely oblivious. And that’s as it should be. Organizations tend not to consider multiple data centers until circumstances force the consideration (read: a calamity of some kind). But being proactive and organizing for autonomy must be the name of the game from the outset. As you move forward, be clear on the difference between vendor diversification and environment diversification. It’s exceedingly difficult to place 100 percent trust in any single vendor, so treat cloud diversification in the service of DR as an effective way to place yourself and your organization first.

Although cloud diversification can be liberating, Dave Russell, VP of Enterprise Strategy at Veeam, cautions that enlisting multiple cooks by itself won’t ensure a flawless soufflé or absolve the organization of its duty to call the shots:

“Business leaders still need to appreciate that the data is still primarily the responsibility of the owning organization, not of the cloud service provider,” he says. “While there are infrequent outages, enterprises must continually remind themselves that total responsibility for data availability lies in their hands.”

The goal of every enterprise is getting data management and protection procedures under control by introducing cloud-based methods that will maintain availability around the clock; Russell admonishes: “Regardless of the approach, the ultimate goal of any storage strategy is the availability of data. When data is unavailable, lost, or unprotected, there’s a huge price to pay.”

Here’s my issue: in DR, users, and providers habitually miss the forest for the trees; they typically focus on the minutiae of endpoint security and lose the plot. Of course, every organization needs to have some kind of business continuity plan, whether that plan is simple or complex– a plan that provides a course of action when the worst of the worst happens. Cybersecurity is but one bullet point in that plan. I’m troubled that IT too often treats disaster recovery as a siloed task, a matter of too little encryption or porous firewalls or some other technology-driven glitch that, once fixed, doesn’t actually move the business any closer to seamless operations. “Business continuity” is all-encompassing, full stop. Every organization should be in the business of mitigating risk. Because cybersecurity is of the moment, its value lies in part in raising awareness among companies that haven’t fully thought about the big picture, of which cybersecurity is simply an element. By not trying to be all things to all organizations and empowering users to mix and match DR solutions intelligently, a strategic approach to cloud diversification provides shelter and even some security within an AWS, Google, or Azure framework– so long as users firmly hold on to the keys.

Adam Stern
Follow Adam