Summary
We shine a light on the growing conversation around business continuity and cloud reliance. CommSec founder David McNamara warns that overdependence on a single cloud provider is a serious risk. “The promise of the cloud was freedom... but the reality is more complicated. The bigger it gets, the harder it falls,” he says. His advice? Split infrastructure, plan for outages, and take a proactive approach to service resilience.
David McNamara is the founder of Commsec, an IT security company based in Dublin, with a background in the Irish Defence Forces and with large multinationals in Ireland. He thinks overreliance on cloud infrastructure is a growing problem.
“Depending on any one provider for anything really important is a serious risk to business continuity. When companies are looking at cloud services, they should be thinking about the resilience of that provider as well as the cost and convenience. It’s common for people to think that because these companies are very big and have a lot of resources, that means if there is a problem they’ll get it resolved quickly and it’ll be fine,” he says.
Business continuity and risk mitigation are a little like insurance, he argues, in that they seem like expensive luxuries until they’re needed, at which point they become the most shrewd investment possible. And data outages are also like most other forms of business continuity threats, in that people tend to think it won’t happen to them.
“Not every company will be able to weather a storm for long enough to come out the other side (of an outage). Maybe big companies can but smaller ones are far more exposed. If it’s a long outage and your brand and reputation takes a hit, and you lose business, it can cost a lot,” he says.
“This is why you should have a business continuity plan, and service resilience should be right up there in it.”
According to McNamara, there are tangible ways around over reliance on any one provider. To start with, divide up your exposure amongst multiple providers – don’t rely on one. “It’s a good idea to spit your resources between two different data centres and where possible to have a replica of your infrastructure in another location that’s separate to your primary. Yes, it’ll cost but what is the cost of an outage?”
“Maybe you can survive for 24 hours but after that, how long could you go without the service? What if it never came back?” he says.
He makes the point that there doesn’t have to be cyber criminals and hackers at work to cause service interruptions. Most major cloud outages in recent times have been linked to technical issues like botched software updates and bugs, showing that even the largest and best-resourced cloud providers aren’t immune to these issues.
It’s also worth noting, he adds, that if you’re a small company it is not likely that you will be at the front of the queue for support when a major outage happens. While your cloud spend may be significant to you, it probably isn’t to them.
“If you’re going to choose a hosting provider based on cost, maybe factor in what if that provider goes down? How critical are my services to my customers and if was out for more than two hours, four hours, 10 hours ‒ whatever it might be ‒ what would the impact be on my business?” he says.
“Taking a risk management approach to your business about the provision of third-party service providers is really important.”
The promise of the cloud was freedom: from hardware, from maintenance and from downtime. Shift your costs from capital expenditure to operating expenditure. But the reality is more complicated. The cloud centralises risk even as it distributes service. And the bigger it gets, the harder it falls.
The good news is that resilience is possible. The bad news is that it takes money, planning and awareness — things many small companies don’t prioritise until it’s too late.
Read the full article on the Business Post