As a information security executive, what are your concerns related to disaster recovery and business continuity of your cloud applications? In Organizing sensitive data in the cloud, I mention configuration information for each cloud service layer (software, platform, infrastructure, and security) needs to be kept in a directory. I have a significant concern though.

Today, there are hundreds to thousands of permutations for vendors product configurations that may be deployed in the cloud. The sheer number of features supported for each product are mind-numbing.

This makes disaster recovery and business continuity a nightmare. Only financial services companies invest the money necessary to replicate the applications and core infrastructure to ensure that a disaster can be effectively handled. This is too expensive for many small and medium sized corporations. What is the key to disaster recovery success? The cloud provider needs to minimize the number of product vendors and the corresponding features they deploy. This reduces the number of permutations that must be tested. Hence, a cloud user can have assurance that the cloud provider's web solution will work for them.

I'll examine a cloud application scenario. How should the directory be designed to assist in deploying a cloud based application? A cloud application is supported by a web server that interfaces with a database which runs on an operating system contained within a virtual machine. The virtual machine acquires the network and storage resources it needs to support the application. The flavors of virtualized networking products and storage components also need templates associated with them.

The link for this article located at CSO Online is no longer available.