Each day, cloud services are becoming more commoditized, with the advent of new service providers claiming to offer best-of-breed services. There is no question that the cloud promises immense benefits, but before you jump onto the cloud bandwagon or sign a contract with a cloud service provider, it is important to think about your exit plan. Cloud exit plans should be part of your organization’s overall cloud strategy and must be aligned with your business continuity plan.

Ensuring the Quality of a Cloud Strategy

What if the service isn’t as good as it claims to be? Are you getting locked into a vendor? How much of the service’s unavailability could affect your business?

Imagine a scenario in which you realized four months after signing a contract with a cloud service provider that it isn’t serving its intended purpose; it is having a negative impact on your business because of performance issues, or a change in terms or conditions has altered the price or service-level agreement. However, you have already entered into a three-year lock-in period with the vendor. In this case, you aren’t left with too many options, unfortunately.

To minimize the risk that arises from these situations, it is important to set clear internal guidelines regarding exit criteria for each aspect of the cloud service model (such as software-as-a-service, platfom-as-a-service and infrastructure-as-a-service). The organization must leverage these guidelines in the future. There should also be a risk assessment of the business applications that could potentially move to the cloud and how the business can remain sustainable with the least amount of impact should these applications become unavailable. Those guidelines or inputs should be the base of any discussion with respect to selecting the right cloud service provider for your organization.

Ensuring Your Cloud Provider’s Survivability

In October 2013, cloud service provider Nirvanix went out of business and filed for U.S. Chapter 11 bankruptcy. The company notified customers that they had two weeks to move their data off the service before its operations ceased; this led to complete chaos and panic among Nirvanix customers.

It is important to ask yourself what you would do if your cloud provider should go out of business. The most important aspect of your cloud strategy should be the security and availability of your organization’s data. If your cloud provider goes out of business, how many days will it take to move their customers’ data? If your cloud service provider has back-to-back agreements or an escrow agreement with a third-party organization, you need some kind of insurance that your organization’s data will be handed over before the cloud service provider closes up shop.

These are some of the vital points that must be discussed with a potential cloud service provider so you can minimize risk when it comes to accessing your data. At the end of the day, from both a legal and auditing perspective, secure and available data is your responsibility, and you must be sure your cloud provider can deliver on that.

With more and more cloud service providers in the market, there is more of a chance that some providers will rise and others will fall. But if you plan ahead and put a proper cloud exit strategy in place, you will be in safe hands.

More from CISO

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Boardroom cyber expertise comes under scrutiny

3 min read - Why are companies concerned about cybersecurity? Some of the main drivers are data protection, compliance, risk management and ensuring business continuity. None of these are minor issues. Then why do board members frequently keep their distance when it comes to cyber concerns?A report released last year showed that just 5% of CISOs reported directly to the CEO. This was actually down from 8% in 2022 and 11% in 2021. But even if board members don’t want to get too close…

The CISO’s guide to accelerating quantum-safe readiness

3 min read - Quantum computing presents both opportunities and challenges for the modern enterprise. While quantum computers are expected to help solve some of the world’s most complex problems, they also pose a risk to traditional cryptographic systems, particularly public-key encryption. To ensure their organization’s data remains secure now and in the future, chief information security officers (CISOs) should educate themselves about quantum computing, proactively address the coming quantum risks to cybersecurity and work to establish cryptographic agility in their enterprise.A future cryptographically…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today