About Me

Scott Arnett is an Information Technology & Security Professional Executive with over 30 years of experience in IT. Scott has worked in various industries such as health care, insurance, manufacturing, broadcast, printing, and consulting and in enterprises ranging in size from $50M to $20B in revenue. Scott’s experience encompasses the following areas of specialization: Leadership, Strategy, Architecture, Business Partnership & Acumen, Process Management, Infrastructure and Security. With his broad understanding of technology and his ability to communicate successfully with both Executives and Technical Specialists, Scott has been consistently recognized as someone who not only can "Connect the Dots", but who can also create a workable solution. Scott is equally comfortable playing technical, project management/leadership and organizational leadership roles through experience gained throughout his career. Scott has previously acted in the role of CIO, CTO, and VP of IT, successfully built 9 data centers across the country, and is an expert in understanding ITIL, PCI Compliance, SOX, HIPAA, FERPA, FRCP and COBIT.

Tuesday, December 13, 2011

Recovery as a Service

What? Another cloud acronym? RaaS? Sure looks like it: Recovery as a Service. Remember the SunGard and IBM contracts you haggle over each year? Well, now you can buy that recovery service in the cloud. So is that a good thing?

There are many reasons you engage a recovery partner, and many options you may need in the event of a disaster. How can a cloud service provide a temporary physical location? Will they help set up a temporary internet connection for you? What should I worry about, you may ask?

Keep in mind that cloud services are a multi-tenant solution that is oversubscribed and at the mercy of your available bandwidth. In addition, there is currently no option to bridge between multiple cloud providers. There is also a challenge when it comes to testing and scheduling access to your virtual hardware.

One more important point concerns regulatory compliance, whether that is PCI, SOX or HIPAA. You are still responsible for maintaining your security, DR plans, and compliance. You cannot pass your obligations off to your cloud provider. I would recommend putting into your contract the ability for your auditors to audit the cloud provider. Do not rely on just a SAS 70 Type II audit document given to you by the provider. It is helpful information, but it is not sufficient. Your auditor needs to test the environment, controls, and so forth.

RaaS truly is for small environments, and not a solution for large enterprises. It can be used for test or development environments, but in limited capacity. The key to utilizing a Recovery as a Service solution is getting an internet connection restored and giving your users access to that data or those applications. If you have limited bandwidth now, it will take 30 to 45 days for new circuits to address the bandwidth constraint and make RaaS a viable solution.

Keep it positive!

Scott Arnett
