A recent report from research firm Gartner has highlighted the need for greater transparency when it comes to cloud contracts. It states that buyers of commercial cloud services are finding security provisions inadequate - contracts often include ambiguous terms regarding the maintenance of data confidentiality, data integrity and recovery after a data loss incident, leading to dissatisfaction among cloud services users.
Groucutt agrees with the findings and believes that there is a naïve view currently held by some organisations when it comes to migrating data to the cloud and how easily it can be retrieved, especially in the event of a disaster.
“In an ideal world, the standard backup and recovery solutions provided by CSPs should suit the exact needs of the customer. Unfortunately, this is not always the case.
“The benefits of cloud deployment are well documented but what is not so clear are the processes in place for a CSP to recover data in the event of a disaster. It’s important to realise that not all CSPs have backup and recovery options.
“IaaS, PaaS and SaaS providers might have service level agreements (SLAs) in place for uptime but in the event of loss they might accept no responsibility. This could be down to a number of factors such as keeping the costs low or by having backup and recovery options available at an additional price. Also, looking at things from the opposite end of the scale, it might be that the CSP includes services that fully match your requirements, but this will obviously be reflected in their cost.”
Groucutt continued: “Another consideration often overlooked is the inherent risk in using the same CSP for disaster recovery. As part of your due-diligence in choosing a service provider, you should look into their financial stability – we have seen too many examples of providers going out of business and leaving customers high and dry. If problems do arise with the CSP, make sure you can recover your systems elsewhere, whether it is on-site or with another CSP.”
“The report from Gartner is a clear indication of the frustrations being felt by organisations. There is an onus on both sides to try and clarify areas of confusion. End-users need to ensure that they are very clear about the terms and conditions outlined by the service provider in SLAs and contracts. Equally, we as an industry need to ensure that we are transparent with what we can and cannot offer.
“Ultimately, the CSP should provide you with the resiliency, stability and scalability you need to enable a disaster recovery infrastructure to support your business. There’s no such thing as a standardised disaster recovery process – every CSP will offer something different. It’s therefore imperative that organisations interrogate these differences and build a disaster recovery strategy that closely reflects their individual needs.”