Story image

Disaster recovery: What to consider when choosing a cloud provider for data backup

30 Nov 2016

The business impact of the recent earthquakes has prompted organisations to think about their disaster recovery plans, and The Ministry of Business, Innovation and Employment (MBIE) says there are a number of factors to consider.

Organisations need to know all types of data they have, and whether that information can be secure. Some storage solutions can be kept on-premise and off-site, but how much information is in those storage facilities may be too much.

"You should regularly make copies of data — known as backing up — in case original data is lost or stolen. It’s also vital for your disaster recovery. If you store data in the cloud, this should be done for you. If not, look at getting software that backs up data automatically, so you don’t need to think about it," the MBIE website says.

In addition, managed ICT & business continuity solutions provider Plan B states that having access to data from other locations is important, as was particularly demonstrated during the recent earthquakes.

"As with any unplanned outage, customers that had clear business continuity plans were able to get up and running more efficiently than those that did not," Plan B says.

The company put together a list of tips to consider when forming a disaster recovery plan, and data access was high on the list.

"To ensure access to critical systems, have a plan for accessing your data and server infrastructure from another location if your production equipment is affected by an outage," the company says.

The Ministry of Business, Innovation and Employment says that in the event of an IT breach, hack or natural disaster, most cloud data should, in theory, be safe. The Privacy Commissioner has released a number of factors when analysing cloud computing risk - particularly when choosing a cloud disaster recovery provider.

1. Understand your company's needs and work out your risks - Personal information on an unsecured server would be better protected by a cloud provider, particularly in the event of data loss or hacking.

2. Understand what information you'll be entrusting with cloud providers - if it is personal information, there is more risk involved.

3. The responsibility is ultimately on you - you are giving cloud providers trust and access to personal information. Ensure that your contract covers safe and secure storage of private information.

4. Ensure your provider offers data encryption and also use encryption on your end - this makes it less likely for data to be misused.

5. Analyse any prospective cloud providers - are they independently and regularly audited? What is their reputation like? If they are New-Zealand based, they may be signed up to the Institute of IT Professionals CloudCode.

6. Understand the contract - what happens to the data if the cloud provider is bought our or goes under? Will you be told in the event of a data breach?

7. Explain to clients what you're doing with personal information when giving it to cloud providers.

8 Work out where the data is hosted and what privacy laws apply - not all providers disclose their data centre locations, but ensure they comply with government requests, legal procedures and complaints procedures. 9. What happens if you switch providers? Will the company keep or delete the information?

10. Does your cloud provider pass data on to a third party? Some providers outsource their services. The security of the outsourced companies must be as robust as your own provider's policies.

Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
NVIDIA introduces a new breed of high-performance workstations
“Data science is one of the fastest growing fields of computer science and impacts every industry."
Apple says its new iMacs are "pretty freaking powerful"
The company has chosen the tagline “Pretty. Freaking powerful” as the tagline – and it’s not too hard to see why.
NZ ISPs issue open letter to social media giants to discuss censorship
Content sharing platforms have a duty of care to proactively monitor for harmful content, act expeditiously to remove content which is flagged to them as illegal.
Partnership brings AI maths tutor to NZ schools
“AMY can understand why students make a mistake, and then teach them what they need straight away so they don't get stuck."
Polycom & Plantronics rebrand to Poly, a new UC powerhouse
The name change comes after last year’s Plantronics acquisition of Polycom, a deal that was worth US $2 billion.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.
Mozilla launches Firefox Send, an encrypted file transfer service
Mozille Firefox has launched a free encrypted file transfer service that allows people to securely share files from any web browser – not just Firefox.