Data centre “due diligence” is a business imperative because there can be no compromise with compliance laws and business ethics. But, how does one define a “dependable data centre service” where Cloud services are involved and data centres are maintained and managed by third parties? What are the components? What does one really look for while selecting a Cloud vendor claiming to offer such a service?
The organization signing up for the Cloud account must have the assurance that the service provider has the appropriate physical and electronic security systems in place and the operatives maintaining the servers and the data centres or outsiders (gaining unauthorized entry to the data centre) do not have any kind of read/write access to the information stored in the systems. As a result, the evaluation of the vendor data centre for “dependability” will include a detailed review of operating processes, failover procedures, electrical systems, mechanical systems, fire protection, security, backup and much more. The dependability will be a composite of all the efficiency of all these systems plus the legally enforceable guarantees given by the vendor in the Service Level Agreement (SLA).
Fortunately, most vendors marketing their service are willing to provide their customers with details of the collocation service or data centre. Users can request for the information location and size of data centres, geographical peculiarities of the region where the data centres will be located, ownership patterns, facility provisioning, power status, replication and mirroring procedures, access protocols, security protocols, data sharing agreements, third party service level agreements, disaster recovery provisioning and a host of other data centre related concerns. The vendor is duty bound to provide the customer with all requested information that is not in violation of any extant laws or agreements with other customers or vendors. The customer must do the necessary due diligence once the request for information is made and the information is supplied to them.
If your organization has signed up for a Cloud backup service (whether private or public), it will be in your interests to do a due diligence. You could ask if the data centre is certified for industry standards or not. You could deploy a task force to study the “dependability” of the vendor managed data centres or use any reputed third party study report (that are made available to you by the vendor or others) to convince yourself and your management about the “dependability” of the data centre, before signing on the dotted line. After all, it is your business that is at risk!