One of the major concerns that prevent many IT heads from even thinking of the Cloud is security. When I talk with colleagues about safety and security regarding Cloud systems, I often hear the notion that our data are not safe in the Cloud. They say, “I have control over my data on premises. They are safe and sound there.” I have to admit that I said exactly the same thing half a year ago before I started looking into Cloud solutions and Digital Transformation. Severe incidents like the hacking of Dropbox (2014), Evernote (2013), and Sony (2014) seemed to prove this to be true.
Let’s take a sober look at it.
Is it really true that my data are safe on premises?
First, let me mention a couple of incidents that I heard from my IT colleagues and that we experienced. If you start to pay attention, you will find similar stories in your circles as well.
- The IT department of a smaller SMB (<200 employees) was working on their storage system and needed to do some maintenance. The risk was considered minimal. The system was highly overprovisioned. When they applied the changes, their storage system immediately went down.
It was a firmware problem that could have been avoided if they had taken the time to update their systems on a regular basis. In the course of this, they lost roughly two days of data, and the entire company was down for three days since the ERP system was highly affected. There was no production and most of the employees were put on compulsory leave.
- Another company (2,000 employees) had a fire in a storage hall on the premises. When the firefighters came, the first thing they did was cut off the electricity to the entire plant. Since the firefighters prevented the IT staff from accessing their data centers and other facilities, the servers and storage systems went down one by one after the UPS systems were drained. It took a couple of days until the entire IT system was up again. No office was harmed; the employees could have worked.
Fortunately, the fire did not damage any core systems of the IT. Besides that, the fire started on a Friday evening giving them the entire weekend to restore the systems.
- We had a major issue with our two core switches that connect our data centers. There was a tiny configuration change that the system engineer from our system house did on both switches. The firmware of these switches was not up to date (“If it ain’t broke, don’t fix it”). This idea turned out to be wrong. The problem with the firmware eventually caused both core switches to stop responding after two days. The result was a total downtime of six hours since none of our systems were accessible anymore. Everything had to be shut down, firmware had to be upgraded, and three external specialists plus our entire team were working hard to solve this.
What can we learn from this? Big enterprises don’t allow casual configuration changes to core systems. They have implemented ITIL processes. SMBs can’t afford these kinds of procedures since a considerable amount of employee support is necessary.
How safe is our data on premises? Am I sure our storage system won’t fail while we are doing some maintenance? Is my NetApp partner capable enough to see the risks and handle them properly?
There are risks when running your IT on premises. They can be reduced by training staff, hiring well-trained staff (I take that back—can’t afford), or hiring a system house that helps you if your knowledge and experience are insufficient. If you can afford it, implement ITIL processes. This helps a lot, but you have to put in much effort.
Everything you do to improve your situation on premises has to be paid for.
This post is an excerpt from a document of mine.