Getty Images/iStockphoto

Guest Post

Cloud resiliency: What it is and why it matters

Cloud resiliency is critical to ensure IT services and resources can recover quickly -- and without data loss.

Technology has become increasingly ingrained in our daily lives and changed how we consume services. The need to secure that technology is paramount. In the cloud, where information is accessible from anywhere, this need is even more urgent. Cloud resiliency is the process of foreseeing possible disruptions to technology service at a business. Also, it involves planning for business continuity, as well as how the technology systems will recover with speed and without data loss.

Cloud resiliency docks under the umbrella of business continuity, given its role in keeping the lights on and business flowing, no matter the scenario. We now live in an era where a pandemic created the need for a remote workforce. This will not be going away, and employees must be able to work securely from anywhere -- a goal that cloud resiliency empowers.

Speed without compromising security

Business accessibility depends upon remaining secure despite threats of downtime and cybercrime. The modern compute and consumption model in the cloud is key to establishing accessibility and flexibility to tackle the most complex challenges. And it does this while meeting customer expectations for everything to be always available and performant.

Skeptics of the cloud will often point to this accessibility as a reason for lacking security, but this is not the case. In fact, at layers 1 to 3, the cloud is often more secure than on-premises infrastructure. Cloud providers have more resources and time to focus on keeping their infrastructure secure and running than many organizations have in-house. On-premises shops are often faced with lean IT departments and stagnant budgets. At layers 4 to 7, there is an ever-growing provider network and there are delivery partners focused on helping your organization by design.

As the marketplace continues to move away from technology teams managing their own data centers, they lean on the cloud as their primary infrastructure provider. The COVID-19 pandemic has only accelerated this move, as more are looking to increase finance and accounting predictability in the consumption model.

Cloud resiliency is a critical piece of this puzzle enabling a holistic shift in how businesses plan for and meet the current, and future, demands of their customers.

What does cloud resiliency entail?

A resilient cloud stance depends upon having strategic alignment with business objectives and its unique threat vectors. Simply planning for known vulnerabilities alone is not enough -- organizations must also plan for unknown threats.

Cloud resiliency is dynamic. It must be regularly exercised and hardened to provide a strong security posture. Technology teams stress test the networking, storage capacity and underlying systems, then perform full or partial failovers to mimic what would occur during an actual disruption. During testing, it is essential to test for a variety of scenarios, likely and unlikely to impact your business. This range could include power outages, hardware failures, ransomware and flooding, to name a few.

Once workloads enter the cloud, we now have to account for other failure modes, such as regional outages. How do you ensure data remains protected and your systems are resilient in each unique scenario? All of this takes dedication, planning, intensive documentation and awareness of all of the likely and potential opportunities for failures.

For these reasons, many are turning to a plan that incorporates disaster recovery as a service and backup as a service woven together for complementary resilience. No matter the extent of your cloud journey -- whether you are running entirely in the cloud or have a hybrid model -- cloud resiliency demands constant iteration and a process to ensure that iteration is well documented.

Security in the cloud vs. on premises

Cloud skeptics often cite security as their main concern for not going to the cloud. However, they do not realize that when operating in the cloud, they have an entire organization -- the cloud provider -- that is dedicated solely to the upkeep of that cloud environment. Keeping workloads on premises and doing all management yourself lacks the same level of resources for security, no matter the bench of internal staff. With stagnant or low-growth technology budgets, securing on-premises infrastructure is an increasingly undesirable approach when compared to the flexibility of the cloud consumption model.

Maintaining physical infrastructure rack-and-stack, patching, physical security and more in the cloud consumption era makes about as much sense as generating your own power when public utilities are readily available. A cloud provider's core goal is to make their resources and services fully available and secured.

Furthermore, with the cloud, users can make changes from anywhere and can make changes traceable and secure through automation and everything-as-code. The latest innovation is always within reach, rather than contending with getting a return on sunk costs first.

Every cloud journey is unique

Cloud resiliency starts with strategic alignment with your key business stakeholders, planning and executing with an architecture that supports true resiliency, and having a strengthened disaster recovery program as a critical insurance plan, keeping your data safe. Your technical architecture is essential to the daily operations of your organization, making the cloud not just a destination, but an ongoing journey of optimization.

About the author

Dustin Milberg is a seasoned enterprise technology executive and current field CTO of cloud services at InterVision Systems LLC, a leading IT strategic service provider and Premier Consulting Partner in the AWS Partner Network. In this role, Milberg helps customers adopt a holistic approach to developing and delivering sustainable platforms while enabling technology organizations to optimize operations such as security, people, process, infrastructure, development and quality.

Next Steps

How an AWS multi-region architecture can strengthen DR

Dig Deeper on Cloud infrastructure design and management