Whoops, my cloud's just gone titsup. Now what?
No email? No CRM? No Daily Mail iPad edition? You need a plan
People, not process, will help get you through
Bear in mind, too, that a manual workaround may be perfectly adequate for the duration of the outage. Paul Burns, national technical director at IT services company TSG, told The Reg he believes that we’ve become so reliant on IT we tend to forget that an automated failover to something else may not necessarily be the best solution.
A disaster recovery plan is only the start: communicating it, educating staff and running regular simulations – every six to 12 months depending on how critical the service is to your business - are all essential, too. “Often SLAs only kick in when you put in the call to the service provider to it’s about knowing how to contact the service provider and making sure you have concrete evidence about the fault,” Allen said.
“Knowing when to flick the switch to your back-up is one of the most difficult decisions to make, particularly as you’re unlikely to get much reliable information from the cloud provider about when things are likely to be back up and running,” Burns added.
The skill-sets needed to manage business in the cloud are a potential stumbling block: not only will you need to understand the reputational risk of services not being available but you'll also have to manage the commercial and service delivery aspects of the cloud. Bloor Research reckons you need what it calls a collaborative approach to resolving problems. Bloor Research associate analyst Kevin Borley said: “It’s no good saying: 'OK Google, have all my apps’ without updating and rethinking your disaster recovery.”
Companies also need to do some corporate soul-searching to work out if the cost of guaranteeing resilience balances the delivery requirements of that service. Customers should consider how quickly they need to be back up and running so as not to negatively impact the business.
Needless to say, the implications of downtime can be serious – not just in terms of direct costs to the business, but also the financial knock-on effect of services being unavailable. According to the Technology Business Management Council, which develops best practices for measuring the cost of IT including cloud services, understanding cost measurement is essential not just to proper contingency planning but to gaining increased leverage in negotiations over compensation if things do go wrong.
No customer data? Better check the Salesforce admin portal
“You need a system in place that is as transparent with the cost and the performance of a cloud service, so if there’s an outage they get an appropriate amount of compensation,” Council founder and president Chris Pick said.
Few agree that compensation is an avenue worth pursuing. While promises of compensation by suppliers may give you reassurance about the reliability of their service, in reality it’s all rather theoretical, legal expert Nicolas warns. Public cloud providers will have an absolute exclusion for all types of loss and a cap on liability that is usually very low and normally relates to the amount of time the service is unavailable.
Adobe pledged to consider compensating customers on a "case-by-case basis", but it's not known which customers were refunded or with which amount.
For public cloud services, typically you’ll be entitled to one day of payment back for every hour the service was down to a maximum of 30 days. Those using hybrid and private cloud services might be able to negotiate a better deal in terms of the limits of liability.
If there are no exclusions in the contract, you could potentially recover direct losses from the breach which may include a certain amount of loss of profit, compensation for lost staff productivity, and even reimbursement of compensation you’ve had to pay your customers. “Even then it’s very unlikely that a supplier would agree to cover your loss of data,” Nicolas warns.
And while SLAs may compensate paltry sums for loss of access to the service, the cost of reputational damage and the intangible loss of business could reach into millions of pounds.
Outages undoubtedly inflict untold misery on those customers left floundering.
Still, service providers are working on their reliability and the biggest names in the game (Amazon, Apple, eBay, Facebook, Google, Microsoft and Yahoo!) invested more than $27bn on data centres in 2013, a 30 per cent increase over the previous year, according to 451 Research.
Also, use of cloud computing services is expected to grow as customers turn off their own servers in exchange for something they pay for as a service.
With that in mind, it's worth thinking of cloud services as if they were utility providers. You probably wouldn’t even try to sue an electricity supplier if you had a power cut. But you would expect the power to come back on and if it was that critical to you, you’d have laid on some back options in case of an outage. ®
Sponsored: The Nuts and Bolts of Ransomware in 2016