As SI said in our post on technology damnation 80, software was good. Hosted ASP was better. True multi-tenant SaaS was better still. But the “cloud” is, more often than not, the one step back that follows the two steps forward.
The cloud is not a white fluffy cloud full of daydreams; it is a gathering storm cloud that could soon erupt and flood your entire operation while the hail it dispenses pummels you to a bloody pulp.
As per our damnation post, if you are not careful, you could:
- lose your mail,
- lose your data,
- lose your platform,
- lose your customers,
- lose your supply chain visibility,
- lose your revenue stream, and
- lose all the cash in your bank account.
And you could be permanently lost at sea when the floods carry you away.
Unless, of course, you take precautions. What kind of precautions? Every kind of precaution you can take. But at a minimum:
- Make sure that your providers’ platforms are designed in such a way that not only is there no data cross-pollination, but that there is no access cross-pollination. This may require that the provider not only create a new instance for each client, but run it on a new virtual machine. (The database can be on one server, as long as it’s encrypted and the encryption for each client uses a unique key, so that if a hacker gets through to the database through another client’s poor security configuration and gets all the data for that client, your data still can’t be decrypted.)
- Make sure that the provider supports encryption across all of your data, not just parts of it, and that it is up to date (and up to snuff). Even data that might be considered inconsequential can be enough to be damaging if enough bits of it are pieced together.
- Make sure the provider does near-real time incremental, replicated, distributed, off-site back-ups to make sure that, in the case of hardware failure (or FBI/NSA server seizure), your data is not lost.
- Make sure the provider has multiple real-world data centres that the platform can be run on in case one (or more) data centres become unavailable.
- Make sure the provider has a distributed fault-tolerant up-time monitoring solution that can detect if an application instance becomes unavailable and restore the most recent back-up to a different data centre and do the necessary re-routings in (near) real time.
In other words, security, fault-tolerance, and distributed processing and back-up are critical. Without them, you’ll be hacked, your system will go down, and you may not get it (or even your data) back.
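
To make the unique-key-per-client precaution concrete, here is an added example (not from the original post or any provider's code) of rows in one shared database sealed under per-client keys, so a key obtained through one client cannot open another client's rows. The `Vault` type, the `fresh` helper, the client IDs, the sample record and the choice of AES-256-GCM are assumptions; the in-memory key map stands in for a real key management service.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

type Vault map[string][]byte // one independent 256-bit key per client (tenant)

func fresh(n int) []byte { // n bytes from the OS CSPRNG
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy: refuse to run
	}
	return b
}

func (v Vault) gcm(id string) (cipher.AEAD, error) {
	block, err := aes.NewCipher(v[id]) // unknown ID: nil key, rejected here
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func (v Vault) Seal(id string, plaintext []byte) ([]byte, error) {
	g, err := v.gcm(id)
	if err != nil {
		return nil, err
	}
	nonce := fresh(g.NonceSize())
	return g.Seal(nonce, nonce, plaintext, []byte(id)), nil // tenant ID as AAD
}

// Open decrypts a stored record as the named client, or fails closed.
func (v Vault) Open(id string, rec []byte) ([]byte, error) {
	g, err := v.gcm(id)
	if err != nil || len(rec) < g.NonceSize() {
		return nil, fmt.Errorf("cannot open record as %q", id)
	}
	return g.Open(nil, rec[:g.NonceSize()], rec[g.NonceSize():], []byte(id))
}

func main() {
	v := Vault{"client-a": fresh(32), "client-b": fresh(32)} // constructed IDs
	rec, _ := v.Seal("client-a", []byte("PO-1001: 500 units"))
	fmt.Println(v.Open("client-b", rec))
}
```

Because the tenant ID is authenticated with each record, a row copied under another client's ID fails to open even if the same key were mistakenly reused.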