While a fire has just ravaged a data centre of one of the main French hosting companies, the news reminds us once again that the choice to put one’s data in the cloud is never an absolute guarantee of protection.
3.6 million websites are down, more than 460,000 domain names are inaccessible – and millions of e-mail boxes are unusable. These are the direct consequences of the fire that destroyed a few days ago a data centre located in eastern France. The cause of the fire was probably an accidental outbreak of fire on electrical equipment.
Definitive loss of data
For some customers, however, the consequences are much more serious than a domain name being inaccessible for a few hours or days. Indeed, for those who would not have subscribed to a backup option and whose data was hosted on the servers that went up in smoke, these data are permanently lost. Today, these customers can only cry over their losses and for some, their entire business is seriously threatened.
The illusion of protection
“My data is in the cloud, nothing can happen to it.” This is essentially what many people tend to believe. We readily associate the cloud with the notion that it is virtual, and therefore indestructible. But this ignores the fact that even if data is accessed via the cloud, it is still hosted on physical servers – even when using virtual machines, which are nothing more than parts of shared physical servers.
When a server fails or is destroyed, the notion of the virtual suddenly becomes physical and tangible again. The cloud is not virtual; it can definitely fail, and the whole company can be at risk.
The fire that occurred a few days ago is no exception. And it is not the only type of incident that can affect a data centre. Floods or cyber incidents are two other examples of threats that can have the same dramatic consequences for business data and operations.
Backup plan
The cloud doesn’t exempt you from being prepared and having a backup plan. It’s often when it’s too late that you realize this. Some of the customers affected by last week’s fire are experiencing this bitterly.
Years ago, forward-thinking companies regularly backed up their data to physical media (tapes, hard drives). This principle has not changed, except that today the data is much larger and needs to be accessed instantly via connected, highly available and secure infrastructures. Being in the cloud doesn’t mean you don’t need physical protection. On the contrary. As current events have shown, being in the cloud requires a solid disaster recovery plan that can be activated without delay in the event of an incident.
Several points are crucial to put in place an effective contingency plan in case of a problem.
First of all, the method, which is based on four pillars: business impact analysis or BIA (which processes are most critical in the company, and what are the impacts on the business if these processes are degraded); risk assessment (which threats can cause the most harm to the company); business continuity strategy and planning (in case of unavailability of the work environment, technology tools, partners and/or employees); and the testing program (making sure the plan works and that everyone knows their role).
Secondly, a recovery plan must respect two main principles. First, the plan should not be limited to restoring servers, the on-premises environment or the cloud environment. It must apply to the entire hybrid infrastructure and it must also take into account the company’s applications. Also, the backup plan should not focus on solving the problem, but on having backup resources that can be activated at any time, beginning immediately. For this reason, these resources must be physically separated from the company, but connected to its infrastructure.
At the end of the day, the “cloud” as we know it is just as real as the clouds in the sky – constantly changing and impossible to pin down, but just as real and important to our IT ecosystem as a cumulonimbus formation on the horizon.