DS News

70 A CLOUD COMPARISON For many years, firms have been apprehensive to use the mysterious "cloud" as a strategy in their BCP/DR plan or overall data management, largely due to perceived compliance concerns or a general lack of understanding as to how to choose the right solution. ere are many drivers that may cause you to think about cloud computing as the best solution. ey typically include: » Cost » Risk reduction » Scalability » Agility (mobility) Many are skeptical of cloud computing because of assumptions that it is less secure or carries greater risk. However, this theory can only be considered true if you have completed a direct and comprehensive comparison between the cloud provider's environment and your on- premises infrastructure. Factors to be compared include: » Technological components » Risk-management processes » Preventative, detective, and corrective controls » Governance and oversight processes » Resilience and continuity capabilities » Multi-factor authentication Until you have had an expert truly weigh your internal environment against the cloud, it would be premature to assume one is safer than the other. WHAT'S YOUR PLAN? Regardless of whether you choose the cloud as part of your strategy or not, you need an effective plan. When putting together an effective BC/DR solution, you must start with the basics: » Know specifically what assets are important (data and processing). » Consider the current location of assets (on- premises, co-location facility, cloud service provider). » Understand the details of the network connection between the assets and the processing sites. Having a reliable cloud computing site that you cannot reach because your ISP has failed does not provide you the coverage you need. Know your requirements and understand your environment: Whether you handle your own backups, use a cloud service provider (CSP), or a combination of both, your objective is to ensure you are protected against the risk of data not being available or business processes not functional, leading to a breach of your service level agreements, lost revenue, and damaged client relationships. It is important that you understand the specific requirements set forth by your clients. ey include: » Recovery Point Objective (RPO), which helps determine how much information must be recovered and restored. It includes asking questions such as, "Is it okay to have quick access to your case data and documents, even if your non-case-related documents are not available for several days or are lost altogether?" What do your clients require? » Recovery Time Objective (RTO) is a measure of how quickly you need each system to be up and running in the event of a disaster or critical failure. » Recovery Service Level (RSL) is a percentage measurement of how much computing power is necessary based on the percentage of the production system needed during a disaster. Data Replication: Maintaining an up-to-date copy of the required data at a different location can be done on a few technical levels and with varying degrees of granularity. It is important to know your replication requirements. For example, data can be replicated at the block level, file level, or database level. Replication can be in bulk, on the byte level, via file synchronization, database mirroring, daily copies, etc. Each alternative impacts your RPO/RTO and has varying costs including bandwidth requirements. Functionality Replication: is includes the ability to re-create processing capabilities at a different location. Depending on the risk to be mitigated and the scenario that's chosen, this could be as simple as selecting an additional deployment zone or as involved as performing an extensive rearchitecting. Examples of simple For many years, firms have been apprehensive to use the mysterious "cloud" as a strategy in their BCP/DR plan or overall data management, largely due to perceived compliance concerns or a general lack of understanding as to how to choose the right solution.

• Cover