You have to pay extra to remove risk in business. You pay for insurance against fire and hope it never happens. You pay to insure life, disability, key person and many more factors.
As your business and wealth grows, it gets to the point that you pay tens of thousands of dollars a year to protect yourself from obvious risks. You pay advisors like accountants and lawyers to find ways to reduce risks.
We are all used to paying a fee to reduce risk. The first step in reducing risk is understanding what the risks are. When my wife and I first got together, we looked at our lifestyle assessed the risks we took in sports and decided we better have health insurance. But we did not need life insurance, as we had no assets and no debt.
As it turns out, I broke my leg a couple of months later and spent a few weeks in a private hospital. So it ended up being a great decision.
Once we bought our first home, we realised that neither one of us could afford to pay it off on our own if something happened to the other, so we added a life insurance policy. As our risks increased we expanded our insurance portfolio. The brokers really love us now, as we insure aspects of our business as well.
However, I am not here to sell you insurance, I am here to talk about the risk in IT infrastructure and why the cloud does or does not make sense for you.
Every IT system relies on hardware, software and interaction with humans. This means they are all prone to failure at some point in time. Yes, all of them, including the banks, Google, Microsoft, Amazon and the server in your back office.
So why would you move to the cloud?
Your internal infrastructure may never fail and still there is a reason to move. It is about where the risk sits.
It can sit with your business so that every time something breaks you pay the cost of fixing it and wear the down time while alternate solutions are put in place. Or you move the risk to a larger server environment in the data centre.
If you are a large organisation your company may be a larger company than the data centre but your private data centre may not be as large as the shared facility of a data centre.
In the multi tenanted data centre or the public data centre, it is their job to manage risk. They will typically have a security guard at the front door, a fire suppression system, multiple data connections and power connections, air conditioning, backup cooling systems and even a fail over data centre in a geographically separated location. When their systems fail or an error occurs, all the customer need to do is log the problem and wait for a fix to be provided.
We recently had a bizarre example with this when a client asked for one user account of a cloud service to be removed. The instruction was passed to the provider clearly as “please remove 1 of 73 accounts leaving 72 accounts” but, through process or human error, the entire customer account was deleted. The result was a client off line.
First response from cloud support was that this would imply a billing error. Please pay your account. No, the account was up to date, so it must be a technical fault. Okay, so the process was a tad frustrating to say the least, but once the problem was diagnosed, the data was restored and the accounts were back up and running with all data restored in a matter of a couple of hours.
Had this client had a similar outage on their own site, the cost of rectification would have been many times higher and the time to diagnose and recover could have been significantly longer.
There is no guarantee of 100% up time with any system but there is the concept of removal of risk.
I am keen to see what happens when the data can’t be recovered by a cloud provider whether they really cover the risk or if in fact the risk is transferred until the large data company says sorry and refunds your payment to date. Getting your investment back is unlikely to cover the cost of the impact on your business of loss of systems. So when transferring risks, make sure you read the contracts, as you can bet they are designed to limit the risk your providers are taking as you move the risk off site.
In an interesting development, equity partners for US start-ups are now requesting cloud infrastructure be in place so they know the business they are investing in will not be restricted by limited infrastructure as they start to grow and expand. The investors know that the transferred risk also gives them a predictable model for costs and a lower probability of failure. So, clearly, there are pros and cons to migrating risk off site.
If you have not thought about where your infrastructure should be or the risks you are taking with your data, this is probably a good time to seek advice to ensure you have a good balance between risk and cost. Paying a premium to move infrastructure to the cloud may well be justified by a reduction in risk if you do it well.
ABOUT THE AUTHOR
COMMENTS
SmartCompany is committed to hosting lively discussions. Help us keep the conversation useful, interesting and welcoming. We aim to publish comments quickly in the interest of promoting robust conversation, but we’re a small team and we deploy filters to protect against legal risk. Occasionally your comment may be held up while it is being reviewed, but we’re working as fast as we can to keep the conversation rolling.
The SmartCompany comment section is members-only content. Please subscribe to leave a comment.
The SmartCompany comment section is members-only content. Please login to leave a comment.