Digitale data zijn cruciaal voor de werking en het voorbestaan van uw organisatie. En meer van deze data, toepassingen en infrastructuur verhuizen naar de cloud. Ul eert hoe u anno 2015 de uptime van uw IT (en dus ook van uw bedrijf) kan optimaliseren. Uiteraard speelt de cloud hier een belangrijke rol. We laten u zien hoe cloud diensten in relatie kunnen staan tot de continuïteit van uw bedrijfsvoering en welke waarborgen zij eventueel kunnen garanderen.
Cloud Computing kan heel technisch benaderd worden, maar voor u als ondernemer is het belangrijkst dat u begrijpt wat Cloud Computing betekent en wat het voor u kan betekenen. We bespreken hierna dan ook kort de belangrijkste kenmerken van Cloud Computing, de voor- en de nadelen ervan en hoe u een geschikte partner kiest die u hierbij kan helpen. Daarna zullen we Cloud Computing wat nader toelichten aan de hand van een praktijkvoorbeeld.
Cloud volgens het bedrijfsleven – Hoe kijkt de ondernmer naar de Cloud?
Top 3 Drijfveren voor over te schakeln naar de Cloud
Cloud volgens het bedrijfsleven – Hoe kijkt de ondernemer naar de Cloud?
Top drie van bezwaren tegen Cloud computing.
Afhankelijkheid van netwerk
Het duidelijkste nadeel van cloud computing is dat je afhankelijk bent van je netwerkverbinding :
Je bent namelijk verplicht ‘online’ zijn om te kunnen werken
Stabiliteit en snelheid van je internetverbinding bepaalt gebruikerservaring
Afhankelijkheid van Cloud Provider
Naast de afhankelijkheid van de verbinding naar de cloud is er natuurlijk nog de overlevering aan de aanbieder daarvan. Welke cloud-partij vertrouw je met je kostbare applicaties, je kostbare data? Denk daarbij aan betrouwbaarheid van de aanbieder, bedrijfscontinuïteit van die leverancier, technische betrouwbaarheid van de cloud-dienst, maar ook aan de verschillen in wetgeving omtrent data tussen Europa en de Verenigde Staten.
Niet alles is ‘Cloud-ready’
De meeste standaard-toepassingen zijn wel beschikbaar via een Cloud-model, maar sommige programma’s (zoals bvb boekhoudsoftware, software die technische aparatuur aanstuurt, eigen ontwikkelde software ...) kun je gewoon moeilijk migreren naar de Cloud. Er bestaan Cloud providers die u toelaten uw eigen software in de Cloud te draaien, maar het prijskaartje hiervan ligt uiteraard een stuk hoger dan hetgeen standaard wordt aangeboden.
Groeipijnen
Vraagt een andere manier van denken en dus ook van werken.
SLA
Het lijkt misschien vreemd dat dit zowel bij de voordelen als nadelen vermeld wordt, maar de verklaring hiervoor is eenvoudig :
Er is wel wat ruimte om applicaties en diensten aan te passen aan de wensen van individuele klanten, maar de mogelijkheden om service-level requirements aan te passen op maat van een welbepaalde klant lijkt minder vanzelfsprekend bij een Cloud Provider, dan wanneer deze door de eigen IT afdeling volledig in het teken van de bedrijfsdoelstellingen worden ingericht.
Demands of the Always-On Business are increasing due to:
- More frequent, real-time interactions between customers, partners, suppliers and employees (65 percent)
- The need to access applications across time zones (56 percent)
- Increased adoption of mobile devices (56 percent)
- Employees working outside regular hours (54 percent)
- Increasing levels of automation for decision making and transactions (53 percent)
82 percent of CIOs are facing an “Availability Gap” between the level of data protection they can provide, and what their increasingly always-on businesses demand
Even in the best possible case, enterprises will lose over $2.11 million from lost productivity, opportunity and unavoidable data loss every year
93 percent of enterprises are increasing their requirements for minimizing downtime – i.e. recovering data faster
92 percent are increasing their requirements for guaranteeing access to data – i.e. backing up data more often
On average, enterprises encounter unplanned downtime 13 times a year, or more than once a month
This downtime lasts an average of 1 hour 20 minutes for mission-critical applications, meaning enterprises can suffer over 17 hours of downtime per year
The longest scheduled commercial flight in the world, from Dallas Fort Worth to Sydney, lasts 16 hours 55 minutes
A single hour of downtime costs $82,864 for mission-critical applications and $43,886 for non-mission-critical applications, in lost revenue, decreased productivity and missed opportunities
This means that over a year, downtime alone will cost enterprises between $1,432,717 and $2,264,951
1 in 6 recoveries of backups fails. With 13 downtime incidents a year, this means two of these will be unrecoverable
In these cases, organisations will suffer the maximum possible data loss at a bare minimum, as they’ll need to roll-back to the last healthy backup
This translates to a guaranteed data loss of $682,182 a year regardless of when failures happen in the backup cycle
Over a year, downtime alone will cost enterprises at least $1,432,717 – added to the guaranteed data loss, enterprises will lose over $2.11 million from lost productivity, opportunity and unavoidable data loss every year
For a business to be always-on, its RTO should be 15 minutes or less. To reach this, businesses would need to recover data 2 hours and 37 minutes faster
Similarly, to avoid the risks of data loss, RPO should be 15 minutes or less. To reach this, businesses would need to reduce their time between backups by 4 hours and 34 Minutes
Data center modernization is a popular trend in organizations globally. But what exactly does this mean to organizations and exactly how are they investing their IT budgets? The graphic here shows what modern technologies that companies consider to be a top investment priority for their data center.
Virtualization
A quick glance at the survey results shows us that virtualization is the biggest area of investment, with some 97% of companies increasing or planning to increase
their spending on it. Virtualization provides the foundation for infrastructure consolidation, rapid provisioning, and mobile working – three major capabilities
that enable always-on business operations.
Operational system and storage upgrades
It’s also unsurprising to see heavy investment in storage upgrades. With data volumes growing every day, and more and more businesses unlocking the power
of analytics, one of the biggest challenges IT teams are facing is efficiently storing and enabling fast access to huge quantities of data.
Data protection and disaster recovery
With greater volumes of data, comes a greater risk of downtime and data loss – the costs of which can be extremely high. Stronger data protection and disaster
recovery capabilities are needed not just to comply with regulations and avoid the costs of data loss and downtime, but also to ensure companies can meet tough
Recovery Time and Recovery Point Objectives.
Cloud computing
The cloud is gaining popularity as an IT platform – granting better business agility, the simple extension of services to remote devices, and helping cut costs
with subscription-based software pricing modules. For modern businesses, it provides an easy way to get the tools and IT services they need for less, while
cutting CAPEX costs.
NSA is in the House
The Veeam Availability Suite answers the 5 key best practices Questions that face customers of the always on business:
How quickly can you recover what you need and in the form that you need it, file, email, VM and applications:
What are you currently doing to eliminate or minimize the risk of data loss?
How do you verify data recoverability?
How do you mitigate risks? What are you doing to ensure that your critical files, applications and virtual servers are recoverable in the event your production copies become corrupt?
What are you doing to detect potential problems in your IT environment and data protection infrastructure before they have negative impact? How do you gain better visibility?
So when I speak to customers’ often people say hey we are different, and I understand and recognize that everyone is a little bit different, but let me give you a sense of how we’ve seen this scenario play out at similar companies from your industry. (Please select here the 1-2 customer case studies from the next 9 that support this customer presentation)
A: Depending on your company’s knowledge and experience, you might want to provision resources yourself using interactive tools instead of having to call the CSP whenever you want to change your cloud-computing environment.
Try to get a detailed description of the configuration tools available and verify the availability of management APIs allowing you to integrate cloud management in your existing IT management framework.
A: If you are moving business critical applications to the cloud the availability of these applications is of extreme importance.
As such all cloud computing components necessary to support these applications should support at least N+1 redundancy including the network connectivity components.
Of course, CSP network redundancy will not help if your site loses its non-redundant network connectivity!
A: Sad but true: bandwidth overbooking happens a lot based on the idea not all customers will be using the maximum available bandwidth simultaneously.
Ask your CSP what the minimum guaranteed bandwidth is under full load conditions.
Remember you need to be able to send and receive network traffic so make sure to get the minimum guaranteed bandwidth for both incoming and outgoing traffic.
A: Resource pooling refers to the grouping together of resources (assets, equipment, personnel, effort, etc.) for the purposes of maximizing advantage and/or minimizing risk to the users. By pooling resources, which involves virtualization of typical IT stacks server, storage and networking (but also on the level of datacenter power and cooling), users benefit from lower individual investments since resources are shared. Although shared infrastructures have huge benefits potential issues on the shared components will impact all users of the shared environment. A thorough analysis of the infrastructure is recommended to identify potential single points of failure. One may opt for 'private' instances (private clouds) for specific needs or for specific reasons. On the level of resource pooling bigger suppliers tend to have the benefit of being able to provide shared support services with round the clock service. What do you prefer: round-the-clock access to a support service with potential less expertise or having to rely on a single support engineer who is on duty during off peak hours?
A: Remember cloud computing is about sharing resources with a number of, in general, unknown outside parties. A thorough risk assessment is needed and you should be informed about the measures and techniques used by the CSP to guarantee logical separation of data between the different tenants sharing the cloud-computing resources. This risk assessment should of course also take into account the nature of the data you intend to move into the cloud.
For sensitive data you might want the CSP to provide a configuration that minimizes the sharing of sensitive resources such as the disks containing your organisation’s sensitive data.
A: Quite often backups are a billable option but some CSPs offer a “no data loss” guarantee as a basic service. A “no data loss” guarantee is usually implemented using data replication between multiple datacentres and is to be considered as essential.
Some CSPs offer “no data loss” guarantees without stating a specific Recovery Time Objective (RTO) and/or Recovery Point Objective (RPO).
Make sure you fully understand the possible consequences of this sort of guarantee.
A: How much control do you have for implementing a backup/restore policy adapted to your business needs? Make sure you have detailed information available about the backup and restore policies and procedures.
Find out what possibilities you have concerning the testing of your backup and restore policies.
A: For continuity and availability reasons a CSP should operate at least two datacentres. It is also important to know where these datacentres are located to assess their chances of surviving a catastrophe and to check compliance with data storage legislation relevant to your business.
A: You will want to do business with a CSP you can trust. Certification and auditing provides the foundation for trust. CSPs need to be able to show that they can live up to the promises they are making.
Certification and auditing can cover many control objectives:
CSP organisation, planning, governance and risk management
Documented policies and procedures
Service change management
Event management
Logical security
Change management
Data integrity
Physical and environmental security
Service level agreements
Client reporting, billing and satisfaction
Financial health
A: You may be interested in evaluating the way your CSP communicates with you. For critical events concerning your applications and data you will probably want to communicate with your CSP via telephone using the local language.
For less urgent matters email communication should be sufficient.
A: Is the scaling of resources automated or not? You should at least be able to set alerts on resource thresholds to allow you to monitor resource consumption and, if needed, to reconfigure the resources assigned to your services.
Some systems will assign additional resources automatically when needed but you still need to be informed. Also, make sure the scaling mechanism covers both the addition and removal of resources.
A: Most CSPs advertise scalability but often they forget to mention if a server reboot is necessary after reconfiguring the assigned resources. Depending on the server’s role, a reboot might be something you want to plan carefully if it is unavoidable.
A: Most CSPs offer an SLA on the availability of the cloud service. Typically this availability would be between 99,95% and 99,99%. It is important to know how the effective availability of the cloud service is calculated. If calculated on a yearly basis, experiencing a 50 minutes downtime still meets the 99,99% availability SLA.
If calculated on a monthly basis, a 5 minutes service interruption breaches that very same SLA. Make sure you understand the SLA details and the other general contract conditions. Negotiate if the standard SLAs do not fit your needs and make sure your contract clearly states the penalties (if any) for not meeting the SLA.
A: Since your organisation remains accountable to regulators, business partners, customers and employees you should not consider using a particular CSP unless it meets the compliance and security standards applicable to your industry.
Remember outsourcing an application and its data to a CSP does not include a transfer of the responsibilities that go with it.
Pay particular attention to respect of the applicable privacy rules and regulations.
You may want to check compliance with the EU Data Protection Directive (European Commission Data Protection web site) and the EU Proposed Directive on Network and Information Security (Frequently Asked Questions on the Proposed Directive on Network and Information Security).