Each day, cloud services are becoming more commoditized, with the advent of new service providers claiming to offer best-of-breed services. There is no question that the cloud promises immense benefits, but before you jump onto the cloud bandwagon or sign a contract with a cloud service provider, it is important to think about your exit plan. Cloud exit plans should be part of your organization’s overall cloud strategy and must be aligned with your business continuity plan.
Ensuring the Quality of a Cloud Strategy
What if the service isn’t as good as it claims to be? Are you getting locked into a vendor? How much of the service’s unavailability could affect your business?
Imagine a scenario in which you realized four months after signing a contract with a cloud service provider that it isn’t serving its intended purpose; it is having a negative impact on your business because of performance issues, or a change in terms or conditions has altered the price or service-level agreement. However, you have already entered into a three-year lock-in period with the vendor. In this case, you aren’t left with too many options, unfortunately.
To minimize the risk that arises from these situations, it is important to set clear internal guidelines regarding exit criteria for each aspect of the cloud service model (such as software-as-a-service, platfom-as-a-service and infrastructure-as-a-service). The organization must leverage these guidelines in the future. There should also be a risk assessment of the business applications that could potentially move to the cloud and how the business can remain sustainable with the least amount of impact should these applications become unavailable. Those guidelines or inputs should be the base of any discussion with respect to selecting the right cloud service provider for your organization.
Ensuring Your Cloud Provider’s Survivability
In October 2013, cloud service provider Nirvanix went out of business and filed for U.S. Chapter 11 bankruptcy. The company notified customers that they had two weeks to move their data off the service before its operations ceased; this led to complete chaos and panic among Nirvanix customers.
It is important to ask yourself what you would do if your cloud provider should go out of business. The most important aspect of your cloud strategy should be the security and availability of your organization’s data. If your cloud provider goes out of business, how many days will it take to move their customers’ data? If your cloud service provider has back-to-back agreements or an escrow agreement with a third-party organization, you need some kind of insurance that your organization’s data will be handed over before the cloud service provider closes up shop.
These are some of the vital points that must be discussed with a potential cloud service provider so you can minimize risk when it comes to accessing your data. At the end of the day, from both a legal and auditing perspective, secure and available data is your responsibility, and you must be sure your cloud provider can deliver on that.
With more and more cloud service providers in the market, there is more of a chance that some providers will rise and others will fall. But if you plan ahead and put a proper cloud exit strategy in place, you will be in safe hands.
Senior Security Architect, Infosys Ltd