Neil MacDonaldI don’t think so and I doubt many people would agree with this either.
The reason I bring this up is that I was having an interesting discussion with colleagues on Cloud security and availability (spurred by the recent Amazon outage) and a statement was made something along the lines of
“If I must have on-premises backup systems to backup cloud-based services when they go down, what is the purpose of using cloud-based services?”
My response:
It is precisely because something is critical that we have backup plans in place for when they fail – and this is true independent of location (on premises or cloud, it’s the same fundamental underlying issue)
I quickly drew up this diagram:
The point is, Cloud or no Cloud, critical services need backup plans — and that these backup capabilities can be cloud-based or on-premises.
That’s the big takeaway from the Amazon outage. Well-designed applications services that were designed to take advantage of Amazon’s geo-redundancy remained available (the upper right hand corner of this diagram). Or, the service could have been designed to be moved (with some cost and effort) to an alternative cloud platform provider. Either way, it will likely cost more for this type of service availability and require a bit more planning at design time, but that would be true even if the critical service was kept on-premises.
Moving to cloud-based services hasn’t relieved you of the responsibility to plan for service unavailability.
Comments Off
Category: Cloud Security Tags: Cloud Security, Defense-in-Depth, Security-Summit-NA
