How to prepare for the real cloud computing security threat

Many companies are concerned about their data being breached in the Cloud, but there may be a bigger cloud computing security threat to worry about. 

Cloud computing security plans typically focus on avoiding sensitive data being leaked or stolen by criminals while it’s in the hands of a third party. However, businesses should be more concerned a different threat: outages that lead to data loss.

There have only been a few known instances of data being breached in the Cloud, says Gartner cloud computing security analyst Jay Heiser. It’s much more likely that a cloud computing service provider will go down, making data temporarily or permanently unavailable.

Heiser cites major outages over the past two years involving Amazon, EC2, Carbonite and others, which in some cases left data unrecoverable.

The loss of data and productivity adds up to create huge financial losses for companies that use cloud computing services. In fact, cloud outages cost businesses an estimated $70 million a year, according to research from the International Working Group on Cloud Computing Resiliency.

How IT can prep for cloud computing outages

While cloud providers are responsible for keeping their own systems up and running, it’s the customers who pay the price after an incident. But despite the risks, just half the organizations surveyed by Gartner have a business continuity plan to address cloud outages.

Here are some steps businesses can take to prepare themselves for cloud vendors’ outages and avoid losing critical data:

  • Be clear about the service level agreement (SLA) — The cloud computing SLA should guarantee a certain level of availability and apply serious penalties if it that isn’t met. When evaluating providers, watch out for loopholes and other attempts to dodge responsibility for meeting the SLA.
  • Ask vendor references about outages — Also, check with providers’ references to see if they’ve experienced outages and find out how the provider responded during those incidents.
  • Don’t take backups for granted — Some cloud computing providers make backups of customer data, but others may not. It’s up to the company to find out if information is being duplicated and to make arrangements if it isn’t.
  • Have another process ready for critical operations — For operations the business can’t do with out, the company may want to have a backup process in place in case a necessary cloud computing service is unavailable.
  • Keep some data in house — To avoid the most serious cloud computing security issues, many experts recommend organizations keep the most sensitive, mission critical information out of the Cloud to begin with.