Moving To The Cloud? 6 Key Risks To Consider

Strategies that suggest running company servers from data centres (Cloud) are not a new concept to businesses. But as time has gone on, this strategy has now become a viable alternative to SMEs, providing a number of benefits. As a result, many companies are actively turning to cloud-based strategies rather than merely refreshing server hardware.

But frustratingly – and perhaps inexcusably considering the huge volumes of ink dedicated to the serious considerations of pursuing a cloud strategy – too many companies make costly mistakes, forcing me to vent and highlight – once and for all – the six most important areas of risk to consider when making such a major step.

1. Risks around service continuity

Commodity services – those ‘off the shelf’, cheap solutions – will often neglect to make any mention of Service Level Agreements (SLAs) concerning service continuity. But you must understand the risk to your business posed by the following issues, and what your provider is willing to guarantee within the agreement. After all, if you don’t know what the guarantees are, how will you ever convince your board of the merits of cloud computing?

Most commodity services do not publicise where their servers are hosted, using security as an excuse – but this is not a viable explanation. In 2005, The Telecommunications Industry Association published the Telecommunications Infrastructure Standard for Data Centres, which defined four tiers of service and established standards for each category.

The simplest is a Tier 1 data centre, which is basically a server room without any redundancy or basic protection of continuity. The most stringent is a Tier 4 data centre, which is designed to host mission-critical computer systems, with fully redundant subsystems and compartmentalized security zones controlled by biometric access methods.

It is unlikely that an inexpensive service is going to be housed in a premium facility, in which case moving your systems to such an environment may create an unacceptable point of risk for your business.

Too many companies are stuck in the dark ages when it comes to backup and are still using tape – despite its unreliability. There are cost efficient technologies that can recover a server in minutes, whereas tape, if it works, may take days to recover a single failed server. Find out what methodology the provider is using and also explore the test recovery process and how frequently the process is examined for reliability.

The risk of buying from a data centre: If buying cloud services from a data centre, you need to find out if your data can be recovered to another location if a problem develops in the main data storage site. Some data centres are part of a network, other companies only own a single site.

2. Risk of your emails being compromised

Commodity Hosting Services keep costs low by hosting numerous email domains on a single Exchange Server. This puts your domain at risk of viruses that may be received and activated by other customers running their mailboxes on that server. If the hosted Exchange Server is blacklisted, all of the domains hosted on it are blacklisted too. This means that regardless of how careful you are with your emails, your mailboxes could still be compromised by the actions of other users of the hosted service and your customers could begin to wonder about your company’s security.

3. Data Protection Act and Safe Harbour Directives Compliance

All companies in the EU are subject to special regulations in how they handle customer data, most notably for the UK, the Data Protection Act (DPA). In addition, the Safe Harbour Directives are seven rules that have been established specifically for US companies to comply with EU data storage directives. Businesses therefore need to far more vigilant about where their data is ultimately held and whether or not the hosting entity is compliant with the appropriate legislation.

4. Being subject to other jurisdictional laws

In recent months, there has been a lot of discussion around The Patriot Act giving access to the US government to data stored on US-based servers, as well as data held in the EU by vendors with US-based offices. While the US is prominent in these discussions, this is by no means an issue only in relation to the States. Therefore, it is wise to understand that you may be subject to the authority of the jurisdiction where your data and systems are hosted.

5. Is your business right for the cloud?

Migrating to the cloud is not ‘cookie-cutter’ appropriate for all companies. Depending on the type of business you have, the speed and reliability of the connectivity you have and a range of other variables, the cloud can be a godsend or a curse. When signing a 36 month agreement (as many of these agreements are structured), you need to be sure that you are not locked in a contract that in the long-term could destroy your business.

Simply put, if you work in a field where normal workflow depends on dealing with large files – print production, video, CAD or book-sized pdfs – relying on accessing these enormous documents via standard broadband connections like cable or ADSL can quickly put your productivity and business at risk.

6. What exactly are you paying for?

If you have opted for a private virtual server, or an array of virtual servers, determining the correct specification for the virtual network running in the data centre is a complex task. Speed and number of processor cores, type of software running on the servers, RAM, number of users accessing the server and connection speed – all are variables that can impact the performance of your infrastructure.

Also, some software does not work seamlessly in a virtual environment and physical servers hosting a number of virtual clients can overwhelm the capacity of the hardware being used. When signing a multi-year agreement, you therefore need to establish metrics that give you recourse to a change in strategy if performance is not what your company needs. And based on the variables at issue, the proposed change and the contractual arrangement could turn what started out looking like a cost-efficient alternative into a nightmare.

Understanding these issues and not just buying the marketing spiel is key to determining if migration to the cloud will be a boon or a horror for your business.

Marcie Terman is a New Yorker who has worked for DataFort since 2000 as Business Development Director and is responsible for the management of the business, developing its product and service portfolio, as well as overseeing customer development and account management. Prior to her role at DataFort, Marcie worked for a UK based hedge fund run by Allegiance Global Investments (AGI), primarily as Marketing Director on account of her broad and varied communications background, and went on to become a licensed Commodity Trading Adviser to US Markets. Marcie graduated from New York University with a Bachelor of Fine Arts degree in Film Production.

  • You make a very interesting point with number 4. It is always wise to choose cloud services based in the country your business operates in as the data you store will be governed by the laws and regulations in which the cloud is operated in. Even if services may be cheaper in another country you have to think about if it is worth it if all your data was seized.