Each day, cloud services are becoming more commoditized, with the advent of new service providers claiming to offer best-of-breed services. There is no question that the cloud promises immense benefits, but before you jump onto the cloud bandwagon or sign a contract with a cloud service provider, it is important to think about your exit plan. Cloud exit plans should be part of your organization’s overall cloud strategy and must be aligned with your business continuity plan.

Ensuring the Quality of a Cloud Strategy

What if the service isn’t as good as it claims to be? Are you getting locked into a vendor? How much of the service’s unavailability could affect your business?

Imagine a scenario in which you realized four months after signing a contract with a cloud service provider that it isn’t serving its intended purpose; it is having a negative impact on your business because of performance issues, or a change in terms or conditions has altered the price or service-level agreement. However, you have already entered into a three-year lock-in period with the vendor. In this case, you aren’t left with too many options, unfortunately.

To minimize the risk that arises from these situations, it is important to set clear internal guidelines regarding exit criteria for each aspect of the cloud service model (such as software-as-a-service, platfom-as-a-service and infrastructure-as-a-service). The organization must leverage these guidelines in the future. There should also be a risk assessment of the business applications that could potentially move to the cloud and how the business can remain sustainable with the least amount of impact should these applications become unavailable. Those guidelines or inputs should be the base of any discussion with respect to selecting the right cloud service provider for your organization.

Ensuring Your Cloud Provider’s Survivability

In October 2013, cloud service provider Nirvanix went out of business and filed for U.S. Chapter 11 bankruptcy. The company notified customers that they had two weeks to move their data off the service before its operations ceased; this led to complete chaos and panic among Nirvanix customers.

It is important to ask yourself what you would do if your cloud provider should go out of business. The most important aspect of your cloud strategy should be the security and availability of your organization’s data. If your cloud provider goes out of business, how many days will it take to move their customers’ data? If your cloud service provider has back-to-back agreements or an escrow agreement with a third-party organization, you need some kind of insurance that your organization’s data will be handed over before the cloud service provider closes up shop.

These are some of the vital points that must be discussed with a potential cloud service provider so you can minimize risk when it comes to accessing your data. At the end of the day, from both a legal and auditing perspective, secure and available data is your responsibility, and you must be sure your cloud provider can deliver on that.

With more and more cloud service providers in the market, there is more of a chance that some providers will rise and others will fall. But if you plan ahead and put a proper cloud exit strategy in place, you will be in safe hands.

More from CISO

Bridging the 3.4 Million Workforce Gap in Cybersecurity

As new cybersecurity threats continue to loom, the industry is running short of workers to face them. The 2022 (ISC)2 Cybersecurity Workforce Study identified a 3.4 million worldwide cybersecurity worker gap; the total existing workforce is estimated at 4.7 million. Yet despite adding workers this past year, that gap continued to widen.Nearly 12,000 participants in that study felt that additional staff would have a hugely positive impact on their ability to perform their duties. More hires would boost proper risk…

CEO, CIO or CFO: Who Should Your CISO Report To?

As we move deeper into a digitally dependent future, the growing concern of data breaches and other cyber threats has led to the rise of the Chief Information Security Officer (CISO). This position is essential in almost every company that relies on digital information. They are responsible for developing and implementing strategies to harden the organization's defenses against cyberattacks. However, while many organizations don't question the value of a CISO, there should be more debate over who this important role…

Everyone Wants to Build a Cyber Range: Should You?

In the last few years, IBM X-Force has seen an unprecedented increase in requests to build cyber ranges. By cyber ranges, we mean facilities or online spaces that enable team training and exercises of cyberattack responses. Companies understand the need to drill their plans based on real-world conditions and using real tools, attacks and procedures. What’s driving this increased demand? The increase in remote and hybrid work models emerging from the COVID-19 pandemic has elevated the priority to collaborate and…

Why Quantum Computing Capabilities Are Creating Security Vulnerabilities Today

Quantum computing capabilities are already impacting your organization. While data encryption and operational disruption have long troubled Chief Information Security Officers (CISOs), the threat posed by emerging quantum computing capabilities is far more profound and immediate. Indeed, quantum computing poses an existential risk to the classical encryption protocols that enable virtually all digital transactions. Over the next several years, widespread data encryption mechanisms, such as public-key cryptography (PKC), could become vulnerable. Any classically encrypted communication could be wiretapped and is…