There are still misconceptions about cloud resilience
Organizations are increasingly moving to the cloud and there’s lots of promise for what the cloud can provide, but there are both advantages and disadvantages to having cloud-hosted infrastructure.
Some cloud computing advantages include:
- Faster time to market
- Scalability and flexibility
- Cost savings
- Better collaboration
- Advanced security
- Data loss prevention
However, there are still misconceptions about what having your infrastructure in the cloud means for resilience. In our survey into the current state of operational resilience in the cloud, 73% of respondents said that they had assumed that some degree of resilience was automatic when moving infrastructure to the cloud. The reality is much more complicated - many leaders seem to be underestimating the level of governance and structure that must be put in place to ensure cloud resilience.
There are still plenty of limitations and risks that come with operating in the cloud, such as:
- Risk of vendor lock in
- Less control over underlying cloud infrastructure
- Concerns about security risks like data privacy and online threats
- Integration complexity with existing systems
- Unforeseen costs and unexpected expenses
Though 99% of our survey respondents said that resilience in the cloud was important, 60% said they struggled to adapt continuity and resilience plans from on-premises infrastructure to the cloud. 56% said their resilience strategy was too reactive and short term, while 79% said their resilience strategy was not mature enough.
Operating in the cloud also creates added complexity, and this can make understanding and managing your resilience requirements even more challenging. There is still a need for disaster recovery despite the promises of increased resilience with the cloud.
Why you still need disaster recovery in the cloud
Common causes of cloud outages include natural disasters, cyber threats, human error, application defects, poorly designed architecture, and the organization’s inability to stay prepared for failure. Any of these can lead to knock-on effects such as end customers losing access to applications, revenue loss, loss of customer trust, loss of data, and challenges bringing up applications due to data inconsistencies.
The cost and frequency of outages have prompted 81% of organizations to focus on cloud resilience more than ever before.
The shared responsibility of cloud resilience
Cloud providers don’t take all the responsibility of resilience off your plate. Your cloud deployment model dictates the level of responsibility for workload recovery and resilience. While using cloud providers can make your life easier, it can also lead to a loss of control over your applications and services.
It’s important to understand what your cloud provider is responsible for and what you are responsible for. Your cloud provider takes care of monitoring and responding to security threats related to the cloud itself and its underlying infrastructure, while you are responsible for protecting data and other assets stored in the cloud environment. Cloud users that don’t realize this can end up unknowingly running workloads in the public cloud that are not fully protected, making them vulnerable to attacks.
The risks of poor cloud resilience
Uptime Institute found that increasing cloud and distributed techniques soften the impact of outages. However, over 50% of those surveyed have workloads they’re not willing to risk in the public cloud for reasons of resilience. There seems to be a dilemma between the added resilience benefits of the cloud vs the loss of control and what that could lead to.
There have certainly been some impactful outages caused by cloud failures in the last couple of years, including major outages at Google, IBM, and Slack, to name a few. The causes of these outages were varied, but they show that cloud hosting doesn’t mean you can forget about resilience and recovery.
Cutover for cloud resilience/disaster recovery
Ultimately, most businesses are embracing the scaling and flexibility benefits that the cloud has to offer, but are aware of the security and resilience risks that this new layer of complexity brings.