Why Planning Your Data Exit Before Entering the Cloud Is an Absolute Must
Thu 15 Sep 2016 | Fredrik Forslund
According to RightScale’s 2015 State of the Cloud survey, 88 percent of enterprise businesses are using the public cloud and 63 percent are using the private cloud. There are many reasons for this increase in corporate usage of public and private cloud environments. Doing so can offer organizations greater IT control, centralized management and delivery efficiencies.
But at some point or another, there comes a time when your organization will need to remove your data. Maybe a cloud storage provider isn’t meeting up to its pre-defined expectations, or they’ve decided to change the terms and conditions of their agreement. Perhaps they’ve had repeated outages. Or it might be as simple as coming to the end of the service agreement or contract, and choosing to hire a new provider. Whatever the reason may be, one of the biggest mistakes a company can make is not plotting out every single step of the data exit plan before entering the cloud in the first place. Failing to do so could triple the likelihood of losing customer trust, loyalty and long-term business. To understand why this is so critical, here’s what I had to say in a recent Q&A.
Given industry predictions that the cloud is the future of data storage, why is it so important for organizations to plan their data exit strategy up front?
If all goes well, a company may never actually have to implement its data exit strategy. But it’s about being proactive – so you don’t get stuck in a situation where you didn’t plan properly. To businesses, I would urge you to account for certain changes within your business, such as new executive leadership, financial constraints and mergers and acquisitions. Each of these could have an impact on your cloud strategy. Maybe your new leadership team decides to use a new provider. Following a merger, perhaps your organization has decided to consolidate and reduce the total number of cloud service providers.
Additionally, you should think about external factors that are outside of your control. Take, for example, the Safe Harbor agreement, a framework providing guidance on cross-border data transfers between the EU and US, which was ruled invalid by the ECJ. This means that companies relying on the agreement, including the likes of Google, Facebook and Twitter, are now faced with the possibility of revising their entire cloud strategy. You may also remember back in October 2013, cloud service provider Nirvanix went out of business and filed for bankruptcy, notifying customers that they had two weeks to move their data off the service before its operations ceased. This led to chaos and panic among their customers, many of whom would have regretted not planning for such eventualities.
What should businesses include in their exit strategy?
When planning your data exit strategy from the cloud, you should account for the following: expected costs, owners, timescales for execution, distribution and communication of the plan to necessary parties (internal and external) and potential scenarios that could require the implementation of the plan in the first place. Essentially, your service level agreement should include descriptions of what happens to you and your data the day you decide to leave. Planning your exit strategy in advance will also allow you to hold your service provider accountable and verify what systems, processes and tools they have in place to support your requests.
To give you an idea of what components businesses should include in their cloud data exit strategy, I have outlined some of the most important questions to ask yourself.
• How many servers and how much data on those servers needs to be moved?
• Is it possible to extract data from the cloud? And will it be 100 percent loss-less?
• What are the costs of terminating the cloud provider’s services and removing all of the data from their environment? (Although many businesses consider the costs associated with entering the cloud, they often don’t do the same due diligence or proactive planning regarding leaving. This can end up being incredibly expensive and could potentially result in a serious data leak.)
• How will data be migrated out of the cloud provider’s environment? Who will be in charge of doing this? Will there be additional costs?
• What are the inherent security considerations? How will unwanted data be securely erased from the cloud? What kind of proof and audit trail will you obtain from your service/cloud provider that your data is securely erased? Is that proof valid?
• Is data being encrypted during transfer?
• What is the business impact (both financial and operational) of moving systems?
• Can you provide a high-level plan including the basic process, estimated costs and timescale?
To quote Nick Carr, author of Does IT Matter?, The Big Switch and The Shallows, “Discontinued products and services are nothing new, of course, but what is new with the coming of the cloud is the discontinuation of services to which people have entrusted a lot of personal or otherwise important data – and in many cases devoted a lot of time to creating and organizing that data. As businesses ratchet up their use of cloud services, they’re going to struggle with similar problems, sometimes on a much greater scale. I don’t see any way around this – it’s the price we pay for the convenience of centralized apps and databases – but it’s worth keeping in mind that in the cloud we’re all guinea pigs, and that means we’re all dispensable.”