Cloud Downtime Insurance Alone Is Not Enough – 3 Vital Steps to Ensure Business Continuity

David Lenz | 1 September 2022

David Lenz, Vice President, Asia Pacific, Arcserve

As cloud computing becomes ubiquitous, organisations in Asia Pacific (APAC) are increasingly exposed to incidents that cause downtime, which can be disastrous. According to Gartner, the average cost of IT downtime is a staggering US$5,600 per minute. In addition, there are costs that don’t necessarily show up as monetary losses, such as the cost of an interruption that pulls IT people away from their regular work to get the company back up and running.

It is one reason why cloud downtime insurance has taken off in recent years. Downtime insurance providers cover clients for short-term cloud outages, network crashes, and platform failures that last up to 24 hours. Cloud downtime insurance can be a helpful safety net for businesses, but it is not a complete solution. It’s important to remember that this kind of insurance can’t guarantee that the business remains in operation during a period of downtime.

The insurance will cover the business for any short-term losses incurred, but it will not cover the loss of goodwill, damage to the company’s brand image, and loss of customer loyalty when the business can’t deliver. Instead of relying 100% on cloud downtime insurance, organisations should pursue these three strategies to weather cloud downtime and other unexpected events.

1. Have a sound recovery plan

Moving data to a cloud provider in itself is not a guarantee of the safety and security of your data. Last year, a fire at the data centre of French web hosting service OVHcloud caused the loss of massive amounts of customer data. It impacted government agencies, e-commerce companies, and banks, among others.

Backing up the organisation’s data to the cloud or on-premise is a critical and cost-effective first step in any disaster recovery plan. But it’s only the first step and needs to be complemented with a plan to quickly recover valuable data in an emergency. Testing their recovery plan often by simulating disruptions allows the organisation to see how well their recovery plan works. Additionally, they should be regularly testing their backup images and fixing any problems.

2. Implement a backup and recovery solution

Cloud security is not solely the responsibility of the cloud provider. Cloud providers usually promise to secure their infrastructure and services but they will not guarantee the safety of your data. No matter what cloud platform the company uses, the data is still owned by the owner organisation, not the provider. Many cloud providers recommend that their customers use third-party software to protect their data.

Organisations can comprehensively secure their data with a reliable cloud backup and recovery solution. By implementing a cloud backup and recovery solution that automatically backs up the company’s information every 15 minutes with multiple points of recovery, businesses can better guarantee that their valuable data is continuously protected while having quick access and visibility to it 24/7.

3. Be proactive: Be data resilient

Companies need to practise data resilience by having a recovery plan and testing it often. A data resilience strategy ensures business continuity in the event of a disruption. It is built on recovery point objectives (RPOs) and recovery time objectives (RTOs), and organisations should regularly test to guarantee that the RPOs and RTOs can be achieved.

RPO determines backup frequency, and in essence, measures the company’s tolerance for data loss. Some organisations can tolerate a data loss of 24 hours, so they back up their data every 24 hours. Their RPO is 24. Other organisations, such as those in finance and healthcare, absolutely cannot tolerate a data loss of 24 hours. Their RPOs are set to milliseconds.

The RTO measures the downtime an organisation can accept between a data loss and recovery. It’s how long they can be down before the business incurs severe damages. The RTO determines the company’s disaster recovery plan investment. If their RTO is one hour, they need to invest in solutions that get them back up and running within an hour.

Establishing your RPO and RTO and then implementing the solutions needed to achieve them are the keys to data resilience.

We live in a world of growing cybersecurity threats, more frequent natural disasters, and black swan events arriving in flocks. APAC companies purchasing cloud downtime insurance need to realise that this type of insurance alone does not constitute a data protection plan. It is best viewed as a complement to their backup and recovery efforts. Never consider it a replacement.