Do You Control Your Mission Critical Data?

Thursday April 26, 2018

Cloud computing has caused a massive shift in how many companies do business; in some ways the shift is comparable to the introduction of the Internet itself. A big part of cloud computing is moving servers, raw data, application data, or business processes to the cloud. Almost by definition, when you move to the cloud you are putting this data on hardware owned by another entity. In many cases this includes mission critical aspects of your business' ecosystem.

At SpotLink, we have seen an increasing trend in businesses doing cloud migrations without considering the exit stage of the cloud services. The decision maker selects a service that may lower costs or simplify the administration. However, when that business wants to terminate the specific cloud relationship, they find that they are not able to export their data electronically, the access to export functions are restricted, or the data extraction process is artificially made much more burdensome than is needed or reasonable. This is a new way that cloud services try to “lock-in” clients by building artificially high exit barriers; and in many instances we have seen these lock-in strategies be effective. We have had prospects who were unhappy with their current cloud services provider and who wanted to leave, but have resigned themselves to staying because the exit cost was just too high.

So if you are considering moving to a cloud service, keep the entire lifecycle in mind. Here are some questions to ask before moving your mission critical items to their services:

1. Does the service agreement you are entering have a clause that the data is your property, and they will not harvest or sell your data to another third party? - If not, your customers and vendors may end up on a marketing list that may be accessible to your competitors, and, depending on the nature of the data you have, you may be obligated to report a “breach” of your customer’s data. Most companies have gotten better about this, even though almost all will require the use of your data for aggregation statistics that they can publish. However, if you are going with a small or unreputable service, the risk is still out there, so look for a protection clause in the terms of the contract.

2. If you are using a cloud application, do you have access to the SQL or Oracle database behind your application with table descriptions? (Probably not) If not, can you export your data in a way that can electronically be uploaded to another database or service (standards differ for each industry and application class). - If not, you may have to rekey-in all the data, which can be extremely costly from a labor and time perspective.

3. If you are using cloud servers, are you able to export VHD or VMDK images so you can quickly and easily move the entire server images to another IaaS provider. – If not, you may have to migrate the services, which is much more expensive in time and labor, and may require duplicate services/licenses during the migration.

4. If you are using a cloud server or platform, do you have administrative access to the platform to do data dumps to upload to another PaaS service? - If not, you may have to manually copy the raw data, and rebuild the security and attribute properties encapsulating it.

The cloud offers many opportunities to simplify and enhance your business. But you can also paint yourself into a corner: trapping yourself into a poorly performing service with no economical way out. The best way out of this is to be sure it doesn’t happen in the first place by assuring that you keep full control of your mission critical data.

Tags: Data, Security, Cloud

« Business and Home Security in the Age of the IoT (Internet of Things) - TekTalk: Data Protection and Recovery »