Business continuity planning in a cloud-first world

Please note: This post was written by Highlander prior to their rebrand to FluidOne Business IT - Sheffield.

As enterprises rapidly migrate business systems and data to multi-cloud environments, continuity planning must keep pace. Traditional strategies to minimise disruption – both due to expanded attack surfaces and operational dependencies introduced through distributed systems and data – have no choice but to evolve and adapt to new-world demands.  

Cloud adoption necessitates updating business continuity and disaster recovery plans to account for apps and data hosted on-premises and across many public clouds as well as SaaS. And as cloud disruptions cascade faster without localised physical control, continuity planning must reinvent incident response coordination to minimise business disruption. Here, we explore some of the key ways you can better prepare your cloud-empowered business against disaster.  

Legacy response playbooks are often heavily reliant on local disaster recovery sites and isolated incident management. This doesn’t translate well to entwined cloud services spread globally across regions, availability zones and dispersed vendor data centres, where severity and velocity of cascading outages increase exponentially. 

Recovery benchmarks also warrant re-evaluation, as restoring cloud workloads introduces additional considerations around provisioning speeds across instances, scaling bandwidth for data recovery, backup optimisation choices between cloud snapshots vs external data vaults, and testing entire dependency chains.  

To secure sensitive data against breaches, encryption provides a fundamental defence – whether data residing on disks/storage locally or in transit, protecting integrity and privacy is key. Safeguarding the privacy and integrity of sensitive business data traversing between networks and systems necessitates robust encryption protocols for maintaining confidentiality – especially as insecure transits can very quickly expose vulnerabilities.  

Transport Layer Security (TLS) for HTTP requests, multifactor authenticated Virtual Private Networks (VPN), and WPA3 secure Wi-Fi channels encrypt traffic in motion, preventing eavesdropping or tampering by cyber threats. Tokenisation further obfuscates intercepted information, rendering it unusable by attackers. With exponential data exchanges, proactively securing data in transit closes overlooked gaps that data-at-rest protections alone cannot guarantee. 

Safeguarding against accidental data leaks or theft requires data loss prevention (DLP) controls. Backing up data to multiple cloud providers is crucial to ensure availability and security. If you only use one cloud, any outage or breach of that provider means your data is inaccessible or compromised. Spreading backups across clouds mitigates these risks. If one cloud goes down, your data in another remains available. If one suffers a breach, your data in others stays secure. The small added cost is well worth it for the vastly improved resilience. However, it’s imperative that you ensure your primary and backup clouds are entirely different. Too often, companies have been caught out by clouds that have different names but are in fact built on the same platform… 

The 3-2-1-1 data protection methodology provides best-practice guidance for comprehensively safeguarding business data against loss. It necessitates maintaining at least three separate copies of data stored on two different storage media types, with one copy located offsite and one copy as an air-gapped, immutable backup. This layered resilience approach defends against hardware failures, disasters, ransomware and other risks that could disrupt access or corrupt datasets. Rigorously applying the 3-2-1-1 rule warrants investment, but hedges against catastrophic data disruptions that could financially or reputationally cripple organisations when unrecoverable. 

With ransomware increasingly threatening business data, robust preparations tailored to cloud infrastructure provide vital defence. Core safeguards include configuring object locks and versioning in cloud object stores to facilitate restores, instituting least-privilege controls and adaptive authentication on access, encrypting data comprehensively, and maintaining air-gapped immutable backups offline across separate regions to enable resilient recovery.  

Orchestrating controls and protocols across infrastructure layers, balancing usability and security for users, and testing restoration procedures are all sure-fire ways to harden cloud environments against devastating ransomware reaching epidemic scales. 

It’s clear the cloud demands a lifecycle approach to data security which encompasses obligations unique to cloud environments as opposed to legacy data centres. But by reinventing continuity management to harness cloud agility – without diluting resilience or governance – organisational preparedness for managing complex, unpredictable faults across modern environments can quickly be hardened.  

And of course, that’s not to say you can forget about your on-prem environment entirely. It’s easy to fixate on protecting apps and data in public clouds, but if much of your most critical data resides on-premises, you should look to tools like Zerto to reliably perform continuous replication between your own data centres and even public clouds. 

Ultimately, as with many tech strategies, while the principles endure, the implementations must continue evolving. For help protecting your IT environment against disaster or disruption, speak to the Highlander team today.