Business continuity is a big deal. Having your infrastructure up and running in the case of an outage, a disaster, or some other unforeseen event can make the difference between generating more revenue (based in large part on your consistency as a business) and losing untold dollars and credibility.
One of the hallmarks of the new, distributed and mobile workforce is BYOD, a movement that is increasingly enabled by innovative cloud technologies. BYOD has great virtues for an organization, especially in the instances where business continuity planning comes into play. If your workforce can still access their communication and collaboration tools, any disruption to business as usual can be mitigated.
However, BYOD and the cloud technology that support BYOD present challenges to ensuring a business contingency plan runs as smoothly as it should. One of the issues BYOD presents is how data flows in and out of the most secure parts of an organization. In the case of a lapse, be it an outage or a breach, data stored in an employee device can represent a significant compliance/security threat if not tightly monitored or controlled.
Cloud similarly represents a question where liability of data is concerned. For many organization, cloud provider liability ends at the hypervisor layer, effectively signaling that the data that an organization utilizes IaaS to move, store, or otherwise support is beyond that cloud provider’s provenance. However, in a cloud enabled BYOD situation, liability can be less clear.
A cloud provider can become a link in a business’ supply chain, and as such that provider now shares some level of liability with that client business. Compliance concerns also come up in terms of how data is accessed, transmitted, and secured. Depending on the nature of the data, and the industry the company functions in, cloud providers will often sign a Business Associates Agreement. This document allots responsibility of liability as agreed upon between the business and cloud provider, especially where contingency circumstances are concerned.
These agreements, however, are not easy, simple, prescriptive, or otherwise widely available. Serious negotiation goes into how they function, and any distribution of liability must be deeply considered. BYOD and cloud should be part of a business’ IT strategy, but they need to be fully explored and planned for if a company is going to get the most value from each, especially when the going gets rough.
Thoughts? Let us know on Twitter @CloudGathering.
By Jake Gardner