more-arw search

Q&A Forum

What are best practices in cloud storage contingency planning?

How secure are cloud provider servers in regards to data security, disaster planning, recovery, etc?

This question was asked by an attendee during the Proformative webinar “Best in Class Finance: How to Improve Controls, Achieve Compliance Efficiency and Streamline Reporting in the Cloud” which took place on March 26, 2013. Join the discussion and add your insights below.


Topic Expert
Keith Perry
Title: Director of Global Accounting
Company: Agrinos, Inc.
(Director of Global Accounting, Agrinos, Inc.) |

I for one have been using various flavors of this for about 15 years; while no disasters* have hit, I've been impressed by the utility of small scale repairs (power out, room flooded, etc).

In my experience, the current providers are doing the right things: redundant geographically; good recovery tools; virtualized server far as performance, the providers out there are in a very competitive market, and there are non-finite solutions to meet your specific needs. We could do all of this when I was at IOS a decade ago, and it has gotten much, much better.

Regarding security, there are flavors. Peter Magnusson over at Google had a great presentation on this last year at CloudConnect; in the debate over proprietary clouds and open clouds, in theory the proprietary one is safer as it is like a walled city. A highly controlled environment like that can offer levels of verification that an open system can't. It is, however, a big target, so there seems to be a tradeoff.

Generally speaking, however, these guys are heavily reliant on trust and focus on security, so they do the right things right. It isn't a guarantee, but likely they can do a better job than your own shop. On the list of things to worry about, this one is relatively low for me. Device level security is much, much higher.

The one where I've not seen the majors do a good job yet (I stopped looking for this 3 years ago) is in protection from deemed-export. You can get your own server at Rackspace and lock it, and meet the guidelines, but that is just hosting. To meet ITAR and related requirements requires a dedicated infrastructure cloud-wide. If you look at Nexprise, for example, they provide this but by giving you (in most cases) dedicated space. That is not cloud.

*Perhaps I've been jaded because I could recover from flooding? Had I not, it would have classed as a disaster.

Products and Companies

Get Free Membership

By signing up, you will receive emails from Proformative regarding Proformative programs, events, community news and activity. You can withdraw your consent at any time. Contact Us.

Business Exchange

Browse the Business Exchange to find information, resources and peer reviews to help you select the right solution for your business.

Learn more

Contribute to Community

If you’re interested in learning more about contributing to your Proformative community, we have many ways for you to get involved. Please email [email protected] to learn more about becoming a speaker or contributing to the blogs/Q&A Forum.