Each day, cloud services are becoming more commoditized, with the advent of new service providers claiming to offer best-of-breed services. There is no question that the cloud promises immense benefits, but before you jump onto the cloud bandwagon or sign a contract with a cloud service provider, it is important to think about your exit plan. Cloud exit plans should be part of your organization’s overall cloud strategy and must be aligned with your business continuity plan.

Ensuring the Quality of a Cloud Strategy

What if the service isn’t as good as it claims to be? Are you getting locked into a vendor? How much of the service’s unavailability could affect your business?

Imagine a scenario in which you realized four months after signing a contract with a cloud service provider that it isn’t serving its intended purpose; it is having a negative impact on your business because of performance issues, or a change in terms or conditions has altered the price or service-level agreement. However, you have already entered into a three-year lock-in period with the vendor. In this case, you aren’t left with too many options, unfortunately.

To minimize the risk that arises from these situations, it is important to set clear internal guidelines regarding exit criteria for each aspect of the cloud service model (such as software-as-a-service, platfom-as-a-service and infrastructure-as-a-service). The organization must leverage these guidelines in the future. There should also be a risk assessment of the business applications that could potentially move to the cloud and how the business can remain sustainable with the least amount of impact should these applications become unavailable. Those guidelines or inputs should be the base of any discussion with respect to selecting the right cloud service provider for your organization.

Ensuring Your Cloud Provider’s Survivability

In October 2013, cloud service provider Nirvanix went out of business and filed for U.S. Chapter 11 bankruptcy. The company notified customers that they had two weeks to move their data off the service before its operations ceased; this led to complete chaos and panic among Nirvanix customers.

It is important to ask yourself what you would do if your cloud provider should go out of business. The most important aspect of your cloud strategy should be the security and availability of your organization’s data. If your cloud provider goes out of business, how many days will it take to move their customers’ data? If your cloud service provider has back-to-back agreements or an escrow agreement with a third-party organization, you need some kind of insurance that your organization’s data will be handed over before the cloud service provider closes up shop.

These are some of the vital points that must be discussed with a potential cloud service provider so you can minimize risk when it comes to accessing your data. At the end of the day, from both a legal and auditing perspective, secure and available data is your responsibility, and you must be sure your cloud provider can deliver on that.

With more and more cloud service providers in the market, there is more of a chance that some providers will rise and others will fall. But if you plan ahead and put a proper cloud exit strategy in place, you will be in safe hands.

More from CISO

Making smart cybersecurity spending decisions in 2025

4 min read - December is a month of numbers, from holiday countdowns to RSVPs for parties. But for business leaders, the most important numbers this month are the budget numbers for 2025. With cybersecurity a top focus for many businesses in 2025, it is likely to be a top-line item on many budgets heading into the New Year.Gartner expects that cybersecurity spending is expected to increase 15% in 2025, from $183.9 billion to $212 billion. Security services lead the way for the segment…

On holiday: Most important policies for reduced staff

4 min read - On Christmas Eve, 2023, the Ohio State Lottery had to shut down some of its systems because of a cyberattack. Around the same time, the Dark Web had a “Leaksmas” event, where cyber criminals shared stolen information for free as a holiday gift. In fact, the month of December 2023 saw more than 2 billion records breached and 1,351 disclosed security incidents, according to research from IT Governance — an increase of 332% and 187%, respectively, over the month of…

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today