Think Carefully Before You Pay For Cloud Downtime Insurance

Uploaded on 2022-08-25 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-Financial

As cloud computing becomes ubiquitous, more companies are exposed to incidents that cause downtime, which can be disastrous. According to Gartner, the average cost of IT downtime is a staggering $5,600 per minute. And then there are those additional costs that don’t necessarily show up as monetary losses, such as the cost of an interruption that pulls IT people away from their regular work to get your company back up and running.

It is one reason why cloud downtime insurance has taken off in recent years. Downtime insurance providers cover clients for short-term cloud outages, network crashes, and platform failures that last up to 24 hours.

They happen often. Cloud insurance provider Parametrix says that, on average, one of the three major public cloud providers - Microsoft Azure, AWS, and Google Cloud - has an outage lasting at least 30 minutes every three weeks. Cloud downtime insurance can be a helpful safety net for businesses, but it is not a complete solution. It’s important to remember that this kind of insurance can’t guarantee that your business remains in operation during a period of downtime.

Yes, the insurance will cover you for any short-term losses you incur. But it will not cover the loss of goodwill, damage to your brand image, and loss of customer loyalty when your business can’t deliver.

Instead of relying 100% on cloud downtime insurance, organisations should pursue these three strategies to weather cloud downtime and other unexpected events.

Have A Sound Recovery Plan

Think your data is safe and secure when you move it to a cloud provider? Think again. Last year, a fire at the data centre of French web hosting service OVHcloud (Europe’s largest cloud provider) caused the loss of massive amounts of customer data. It impacted government agencies, e-commerce companies, and banks, among others.

Backing up your data to the cloud or on-premise is a critical and cost-effective first step in any disaster recovery plan. But it’s only the first step. It would help if you also had a plan to quickly recover your data in an emergency. Think of your business journey as a trip on a cruise ship. Just as a cruise ship regularly tests its lifeboats (weekly, in case you’re wondering), you should test your recovery plan often. You should simulate disruptions and see how well your recovery plan works. You should also regularly test your backup images and fix any problems. Your recovery plan is your lifeboat.

Implement Your Backup & Recovery Solution

Cloud security is not solely the responsibility of your cloud provider. It’s your responsibility as well. Cloud providers usually promise to secure their infrastructure and services. But securing operating systems, platforms, and data—that’s on you. Cloud providers will not guarantee the safety of your data. No matter what cloud platform you use, the data is still owned by you, not the provider.

Many cloud providers recommend that their customers use third-party software to protect their data.

You can comprehensively secure your data with a reliable cloud backup and recovery solution. You can also get the control you need. You should implement a cloud backup and recovery solution that protects your data by automatically backing up your information every 15 minutes and gives you multiple points of recovery. This guarantees that your data is continuously protected while providing quick access and visibility to it 24/7.

Be Proactive: Be Data Resilient

A lot of companies don’t test their data recovery plans. Many don’t even have a recovery plan. Don’t be like them. Have a recovery plan and test it often. Be proactive, not reactive. Be data resilient.

A data resilience strategy ensures business continuity in the event of a disruption. It is built on recovery point objectives (RPOs) and recovery time objectives (RTOs), and you should regularly test to guarantee that the RPOs and RTOs can be achieved. Your RPO determines your backup frequency. In essence, it’s your tolerance for data loss. Some organizations can tolerate a data loss of 24 hours, so they back up their data every 24 hours. Their RPO is 24.

Other organisations, such as those in finance and healthcare, absolutely cannot tolerate a data loss of 24 hours. Their RPOs are set to milliseconds.

Your RTO measures the downtime you can accept between a data loss and recovery. It’s how long you can be down before your business incurs severe damages. Your RTO determines your disaster recovery plan investment. If your RTO is one hour, you need to invest in solutions that get you back up and running within an hour.

Establishing your RPO and RTO and then implementing the solutions you need to achieve them are the keys to data resilience.

Final Takeaway

We live in a world of growing cyber security threats, more frequent natural disasters, and black swan events arriving in flocks. Every day, organizations are brought to their knees out of the blue. That’s why more of them are purchasing cloud downtime insurance. But it is critical to realize that this type of insurance alone does not constitute a data protection plan.

It is best viewed as a complement to your backup and recovery efforts. Never consider it a replacement.

Florian Malecki, Executive is VP Marketing at Arcserve

You Might Also Read: 

Data Protection Must Be a Part of Every Cyber Security Strategy:

 

« Microsoft Disrupts Russian Spies
EU Still Blocking Social Media Users' Data Transfer »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Tech Industry Forum (TIF)

Tech Industry Forum (TIF)

Tech Industry Forum is a not-for-profit, membership driven trade body. We bring together end users and some of the UK’s leading cloud, software, platform, infrastructure, and service providers.

CLUSIL

CLUSIL

CLUSIL is an association for the information security industry in Luxembourg.

National Information Security & Safety Authority (NISSA) - Libya

National Information Security & Safety Authority (NISSA) - Libya

NISSA is responsible for safeguarding the integrity, availability and resilienceof ICT infrastructure, resources, services and data in Libya.

Duo Security

Duo Security

Duo combines security expertise with a user-centered philosophy to provide two-factor authentication, endpoint remediation and secure single sign-on tools.

Ritz

Ritz

Ritz is the largest holistic pure-play cyber security solutions provider in Myanmar.

MedCrypt

MedCrypt

MedCrypt are a team of medical device experts focused on bringing modern cybersecurity features to the next generation of healthcare technology.

K2 Cyber Security

K2 Cyber Security

K2 Cyber Security delivers the Next Generation Application Workload Protection Platform to secure web applications and container workloads against sophisticated attacks.

Bionic

Bionic

Bionic is an agentless way to get control over your increasingly complex applications so you can manage, operate, and secure them faster and more efficiently.

Grindstone Ventures

Grindstone Ventures

Grindstone Ventures is a post-seed fund that supports post-seed equity and quasi-equity investments in early-stage innovation-driven and/or technology companies.

Persistent Systems

Persistent Systems

Persistent Systems are a trusted Digital Engineering and Enterprise Modernization partner, combining deep technical expertise and industry experience to help our clients.

Wavenet

Wavenet

Wavenet has grown from simple beginnings to become one of the UK’s market leaders in unified communications, business telephony, and Cyber Security solutions.

Summit 7 (S7)

Summit 7 (S7)

Summit 7 is a national leader in cybersecurity, compliance, and managed services for the Aerospace and Defense industry and corporate enterprises.

Cybastion

Cybastion

Cybastion develops robust world-class cybersecurity solutions tailored to suit the needs of different businesses, governments and public sector entities.

Francisco Partners

Francisco Partners

Francisco Partners provide capital, expertise, and support for growth-aspiring technology companies.

Intracis

Intracis

Intracis is a 'Made in India' cyber incident management solution aimed at ‘Making Security Simple’ by simplifying cyber incident management for CERTS and CSIRTS.

Enterprise Strategy Group

Enterprise Strategy Group

Enterprise Strategy Group, a division of TechTarget, is an IT analyst, research, validation, and strategy firm that provides market intelligence and actionable insight to the global IT community.