You are on page 1of 16

Cloud Computing Security

Lecture 6A Business Continuity and Disaster


Recovery

Ubaid Ur Rehman
ubaid.rehman@seecs.edu.pk
Agenda

Introduction
Business Continuity and Disaster Recovery (BCDR)
Requirements Addressed
BCDR Implementation
Considerations
Business Continuity and
Disaster Recovery (BCDR)
BCDR are the contingency plans and measures
designed and implemented to ensure operational
resiliency in the event of any service interruptions.
BCDR plans have always been important to any
business.
IT systems have become more central to all areas of
business, the ability to quickly and reliably recover
these systems has become critical.
Traditional vs Cloud Centric
BCDR Plans
Traditional BCDR Plans
Traditional BCDR plans have involved storage of
backup media at off-site facilities.
Cloud Centric BCDR Plans
Cloud centric BCDR makes use of the clouds
flexibility to minimize cost and maximize benefits.
Cloud providers typically do not offer a complete
BCDR service, which may include office space,
monitors, phones, etc
Cloud providers primarily offer availability for servers/
systems and storage, and possibly end-user access via
virtual desktops
BCDR SecaaS Benefits
Recovering Workloads to the Cloud
The CSP (Cloud Services Provider) will host all
replicated systems in the cloud, making them
available in case of DR.
Effectively Unlimited Scalability
A key component of any cloud-based service is its
elasticity and effective unlimited scalability.
Secure and Reliable Infrastructure
A CSPs business and reputation are based on services
that are secure and available.
Pay per Use
Consumers pay only for the actual use of the service.
No (Minimal) Systems BCDR Expertise Required
There is a significant reduction in the expertise and
effort required on the part of the consumer versus
traditional BCDR solutions
BCDR SecaaS Benefits
BCDR SecaaS Solutions
BCDR SecaaS Solutions
BCDR Requirements
Business Drivers
There are numerous business drivers when planning,
executing and testing BCDR solution either for
traditionally hosted systems or those already in the
cloud
Cloud-based BCDR solutions offer:
Flexible Infrastructure
Secure Backup
Monitored Operations
Third-Party Service Connectivity
Replicated Infrastructure Components
Data and Application Recovery
CSP can help the customer with various non-technical
issues such as addressing legal issues, data privacy
concerns, and operational concerns
BCDR Implementation

Considerations
Implementation

Concerns
BCDR Consideration
Consideration
What is the value of an entitys data to the business
and how much will it cost to replace it, if it is lost or
stolen?
After conducting a Risk Assessment/Risk Analysis,
what data should go into the cloud?
How effective is the CSPs own BCDR Planning?
Elasticity of the Cloud Provider Can they provide all
the resources if BCDR is invoked?
How is DR testing achieved? Does the CSP support
DR testing?
H o w a r e p h y s i c a l a n d v i r t u a l w o r k l o a d s
accommodated when using cloud for BCDR?
How are the DR services accessed if invoked?
BCDR Service Level
Agreements (SLAs)
Determine the best acceptable RTO/RPO (Recovery
Time Objective/Recovery Point Objective) for all systems
whether Cloud or Non-cloud Apps/Data/Systems.
Integrate Cloud versus Non-cloud Services into SLAs.
Establish Performance Requirements.
Cite Bandwidth Requirements for things like replication
to the CSP and client access to hosted services.
Detail System Requirements for Recovery Workstations.
Provide a Declaration of DR Procedures and Workflow.
Specify how failover and failback are handled.
Services Already Hosted in
the Cloud
Ensuring that services work correctly in performance and
scale, as well as functional terms, are critical
considerations.
Understanding the location of the CSPs DR site(s) also
is critical, as it may impact both performance (latency
issues) and regulatory compliance, in addition to
survivability concerns.
If your services are hosted already with a cloud provider
who has multiple data centers in your legal jurisdiction/
region, or if there are no regulatory or business reasons
why your data cannot move, then setting up BCDR for
your services.
In-house Traditional Non-
Cloud Services
Disaster Recovery for traditional, non-cloud hosted
systems, when provided as a cloud service, has many of
the same issues and concerns as any other DR solution
relying on data replication to a remote DR site.
Considerations regarding physical systems should
include:
Can the system/application be virtualized?
Is virtualization supported by the vendor?
Does the system rely on any non-standard physical
components (dedicated PCI cards, USB/parallel port
dongles, etc.)?
Are there licensing issues with virtualizing the
application?

You might also like