Each day, cloud services are becoming more commoditized, with the advent of new service providers claiming to offer best-of-breed services. There is no question that the cloud promises immense benefits, but before you jump onto the cloud bandwagon or sign a contract with a cloud service provider, it is important to think about your exit plan. Cloud exit plans should be part of your organization’s overall cloud strategy and must be aligned with your business continuity plan.

Ensuring the Quality of a Cloud Strategy

What if the service isn’t as good as it claims to be? Are you getting locked into a vendor? How much of the service’s unavailability could affect your business?

Imagine a scenario in which you realize, four months after signing a contract with a cloud service provider, that the service isn’t serving its intended purpose: it is having a negative impact on your business because of performance issues, or a change in terms or conditions has altered the price or service-level agreement. However, you have already entered into a three-year lock-in period with the vendor. In this case, unfortunately, you aren’t left with many options.

To minimize the risk that arises from these situations, it is important to set clear internal guidelines regarding exit criteria for each aspect of the cloud service model (such as software-as-a-service, platform-as-a-service and infrastructure-as-a-service). The organization must leverage these guidelines in the future. There should also be a risk assessment of the business applications that could potentially move to the cloud and how the business can remain sustainable with the least amount of impact should these applications become unavailable. Those guidelines or inputs should be the base of any discussion with respect to selecting the right cloud service provider for your organization.

Ensuring Your Cloud Provider’s Survivability

In October 2013, cloud service provider Nirvanix went out of business and filed for U.S. Chapter 11 bankruptcy. The company notified customers that they had two weeks to move their data off the service before its operations ceased; this led to complete chaos and panic among Nirvanix customers.

It is important to ask yourself what you would do if your cloud provider should go out of business. The most important aspect of your cloud strategy should be the security and availability of your organization’s data. If your cloud provider goes out of business, how many days will it take to move their customers’ data? If your cloud service provider has back-to-back agreements or an escrow agreement with a third-party organization, you need some kind of insurance that your organization’s data will be handed over before the cloud service provider closes up shop.

These are some of the vital points that must be discussed with a potential cloud service provider so you can minimize risk when it comes to accessing your data. At the end of the day, from both a legal and auditing perspective, secure and available data is your responsibility, and you must be sure your cloud provider can deliver on that.

With more and more cloud service providers in the market, there is more of a chance that some providers will rise and others will fall. But if you plan ahead and put a proper cloud exit strategy in place, you will be in safe hands.
