Guide

Cloud computing

Cloud downtime and business continuity

In case of critical systems failure, business continuity planning can help ensure the survival of your business.

Cloud as a business continuity solution

Cloud computing can form a part of your business continuity plan.

Cloud computing service providers back up and protect your data by holding it on servers remote from your physical premises and your own hardware. So if, for example, employees are unable to work in their normal building due to fire or flood, they could still access files and information over the internet and continue working.

Continuity of cloud services

It is possible for cloud service providers to lose data, suffer denial of service attacks, or go out of business. These possibilities should be factored into your risk assessments, especially if all your IT resources are hosted in the cloud.

To ensure business continuity and effectively plan for a loss of your cloud services, you should:

  • conduct a business impact analysis or vulnerability assessment to identify critical services
  • select an appropriate recovery strategy, eg back up data or replicate servers to another remote site
  • test your recovery strategy and tools regularly
  • consider your cloud provider's resiliency and standard compliance
  • review your service level agreements

Cloud service level agreement (SLA)

An SLA is a binding agreement between a cloud storage or service provider and you, the customer. It establishes important criteria regarding the service, including:

  • availability – ie minimum levels of uptime
  • performance – eg maximum response times
  • security and privacy of data – eg encryption of all stored and transmitted data
  • access to data on the service provider’s systems
  • system infrastructure and security standards the provider is expected to maintain

Individually negotiated SLAs with your cloud service provider should include availability guarantees and penalties if the service is interrupted. However, many consumer services - eg free applications where you accept the provider's terms and conditions rather than negotiate a contract - specifically exclude these provisions from service agreements.

Contracts should also take into account sector-specific legal requirements - eg the UK money laundering regulations for businesses working in financial services.

To guard against the possibility of complete loss of data from a remote provider, you should consider backing up all data using servers that are under your physical control, or using a back-up cloud storage provider - although this will involve additional expense.