By VERNA LYNCH
SVP of Business Development
April 17, 2014 | 3:55 PM ET
Many organizations make the mistake of thinking that they are less “on the hook” for Disaster Recovery and Business Continuity, believing the responsibility moves to the cloud providers. The truth is, as your organization moves more services to the cloud, BC and DR Managers need to be vigilant. Your data may have moved to the cloud, but your responsibility for your data has not. The risk is still yours. If your organization’s DR and BC practices are not sound, the risk to your organization and its reputation is significant.
Moving services to the cloud can make things easier – or more complicated. Even though each cloud provider has the responsibility for DR and BC for the service you receive, the activity can be more complicated for your organization because of the coordination required across many services or service providers.
What can you do?
- Make sure the cloud services you are evaluating work well with the systems you have. Get an outside assessment if needed.
- Ensure that your contracts clearly address your organization’s specific requirements and service levels effectively support your business. Audit their recovery plans, or require it. Make sure the service provider has the appropriate Service Organizational Controls (SOC) report, a SOC 1 or SOC 2. The SOC 1 replaced the old SAS 70 and is also called the SSAE 16. The SOC 2 is for service providers who do not handle financial transactions. Also keep in mind that you may need a SOC audit yourself, depending upon your data and the requirements of your customers. Just providing your cloud services SOC report may not be enough to satisfy your customers’ auditors.
- Consider a centralized cloud-based service that can back up both local and cloud services.
- Review your SLAs. They may not be up to date, and even if they are, their implementation may not be optimal. As part of implementation, make sure you come to agreement on particular performance measures. These measures allow you to regularly monitor cost effectiveness of the cloud based service, and better identify and understand performance problems. This tactic can provide a foundation for facilitating ongoing performance improvement.
For more information on DR and BC planning or SOC reports, please contact Verna Lynch at firstname.lastname@example.org or call 207-739-9540. Or go to contact us.