Cloud computing. Cloud-native computing. Software as a service. They're all secure and reliable. Except when they're not.
Recently, we've seen Microsoft Azure suffer an extended outage and Docker Hub get hacked. Organisations deploying SaaS applications often assume the vendor provides adequate data protection and they neglect the need for backup. However, the last few years have seen massive outages among some of the major cloud and SaaS providers that seem to have brought down the internet; service outages that might or might not have halted productivity within thousands of companies; and any number of SaaS start-ups shutting down, getting hacked or simply just losing data.
Higher standards of customer experience are driving demand among end-users for always-on services. As a result, end-user tolerance for disruption is at an all-time-low. Simultaneously, end-users now have the power to publicly vent their frustrations with disrupted organisations via social media, thus exacerbating the overall reputational damage of service outages.
Combined with the threat of disruption causing a breach of regulatory compliance and landing organisations with huge penalties such as those stipulated in the GDPR, it is understandable why some organisational leads may hesitate when migrating operational infrastructure to the cloud.
But, of course, clinging to the past would be crazy for any company that actually wants to remain competitive by using and building cutting-edge applications. For all but a small handful of companies (some of which actually run public clouds), there is no realistic vision of a successful future that doesn't involve some combination of clouds, containers and SaaS – probably all three.
The trick is adopting these things intelligently and accounting for the very real possibility that something will, at some point, go wrong. To support any cloud hosted applications, an effective back-up strategy needs to be put in place. The same goes for each SaaS application.
What the best solutions look like will vary widely based on the company, although it seems logical to settle for nothing less than cloud-native best practices around high availability and automated security patching. That means building resilience into the compute, storage and networking tiers, designing apps that tolerate component failure, and sometimes using multi-cloud platforms.
And while container security is a newer concern than, say, VM security, there are a lot of tools-from start-ups, large IT vendors and even open source communities-that can provide peace of mind. A SaaS application that doesn't let you export your data is probably not a SaaS application worth using, but the good news is there's no shortage of SaaS applications.
For example, application components can be automatically patched and upgraded, while application infrastructure should regularly be re-paved in order to expunge any system-level malware or advanced persistent threats. At the application level, a growing number of organisations are adopting tools that automatically scan code for vulnerabilities and offer guidance on how to remedy them.
Ultimately, the process of SaaS backup is similar to backing up a standard but complex on-premise application. Look at the whole service and ensure all the components and dependencies are covered in the back-up plan. When managing a SaaS application, the nature of the business is providing services to consumers, not internal staff. The stakes – in terms of both reputation and financial impact – can be significant. It is essential that, as a provider, any disruptive issues around providing the service are mitigated as much as possible. Backup is part of that continuity planning.
What businesses can't do is let fear and uncertainty get in the way of progress, which is what cloud computing, however defined and in all its forms, ultimately delivers. Getting things like security and reliability right might require spending a little more time and money on software, engineers, and maybe even lawyers, but the payoff over the long term should make up for any early investments many times over.
In today’s business environment, settling for the status quo isn't a viable option, thinking ahead is a much better option than rushing into the cloud and ending up on the receiving end of an outage, breach or other large-scale incident that could have been avoided with just a little forethought.
Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.