Considering cloud downtime insurance?

Issue 7 2022 Information Security, Infrastructure, Security Services & Risk Management

Cloud downtime insurance has taken off in recent years, and with good reason. Downtime insurance providers cover clients for short-term cloud outages, network crashes and platform failures that last up to 24 hours. And they happen often.


Byron Horn-Botha.

Cloud insurance provider Parametrix notes that, on average, one of the three major public cloud providers – Microsoft Azure, AWS and Google Cloud – has an outage lasting at least 30 minutes every three weeks.

As cloud computing becomes ubiquitous, more companies are exposed to incidents that cause downtime, which can be disastrous. Gartner cites the average cost of IT downtime at a staggering $5600 a minute. Let’s also factor in the additional costs that don’t necessarily show up as monetary losses, such as the cost of an interruption that pulls IT people away from their regular work to get your company back up and running.

It is one reason why cloud downtime insurance can be a helpful safety net for businesses, but it is not a complete solution. It’s important to remember that this kind of insurance can’t guarantee that your business remains in operation during a period of downtime. Whilst it will cover any short-term losses you incur, it will not cover the loss of goodwill, damage to your brand reputation, and loss of customer loyalty when your business can’t deliver.

So, the bottom line is that instead of placing 100% reliance on cloud downtime insurance, businesses need to put strategies in place if they are to weather the cloud downtime storm and other unexpected events.

1: Have a sound recovery plan

Think your data is safe and secure when you move it to a cloud provider? Think again. Last year, a fire at the data centre of French web hosting service OVHcloud (Europe’s largest cloud provider) caused the loss of massive amounts of customer data. It impacted government agencies, e-commerce companies and banks, to name just some entities.

Backing up your data to the cloud or on-premise is a critical and cost-effective first step in any disaster recovery plan – but this is only the beginning. It would help if you also had a plan to recover your data in an emergency quickly. You must also test your recovery plan often. You should simulate disruptions and see how well your recovery plan works. You should also regularly test your backup images and address any problems.

2: Implement your backup and recovery solution

Cloud security is not solely the responsibility of your cloud provider. It’s your responsibility as well. Cloud providers usually promise to secure their infrastructure and services. But securing operating systems, platforms and data is your responsibility. Read the small print.

Cloud providers will not guarantee the safety of your data. No matter what cloud platform you use, the data is still owned by you, not the provider. Many cloud providers recommend that their customers use third-party software to protect their data.

You can comprehensively secure your data with a reliable cloud backup and recovery solution. You can also get the control you need. You should implement a cloud backup and recovery solution that protects your data by automatically backing up your information every 15 minutes, giving you multiple recovery points. It also guarantees that your data is continuously protected while providing quick access and visibility 24/7.

3: Be proactive: be data resilient

A lot of companies don’t test their data recovery plans. Many don’t even have a recovery plan, which is very short-sighted. It is crucial to be proactive, not reactive, and, above all, data-resilient.

A data resilience strategy ensures business continuity in the event of a disruption. It is built on recovery point objectives (RPOs) and recovery time objectives (RTOs), and you should regularly test to guarantee that the RPOs and RTOs can be achieved.

Your RPO determines your backup frequency. In essence, it’s your tolerance for data loss. Some organisations can tolerate a data loss of 24 hours, so they back up their data every 24 hours. Their RPO is 24. Other businesses, such as those in finance and healthcare, absolutely cannot tolerate a data loss of 24 hours. Their RPOs are set to milliseconds.

Your RTO measures the downtime you can accept between a data loss and recovery. It’s how long you can be down before your business incurs severe damages. Your RTO determines your disaster recovery plan investment. If your RTO is one hour, you need to invest in solutions that get you back up and running within that hour.

Establishing your RPO and RTO, and then implementing the solutions you need to achieve them, are the keys to data resilience.

Final takeaway

We live in a world of growing cybersecurity threats, more frequent natural disasters, and black swan events arriving in flocks. Every day, organisations are brought to their knees out of the blue. That’s why more of them are purchasing cloud downtime insurance. But it is critical to understand that this type of insurance alone does not constitute a data protection plan. It is best viewed as an accessory to your backup and recovery efforts. Never consider it a replacement.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Fire safety in South Africa
Technoswitch Fire Detection & Suppression Technews Publishing SMART Security Solutions Editor's Choice Fire & Safety Security Services & Risk Management
Fire safety is sometimes ignored, sometimes relegated to whatever is cheapest, and sometimes treated with the seriousness it deserves, given that it focuses on protecting life and assets. SMART Security Solutions asked Brett Birch, MD of Technoswitch, for some insights into the realities of fire safety in South Africa.

Read more...
A risk-based approach to fire safety
Fire & Safety Security Services & Risk Management Industrial (Industry) Agriculture (Industry)
A report by fire engineering consultancy ASP Fire is challenging blanket assumptions around combustible-core sandwich panels, arguing instead for a rational, risk-based approach that balances fire safety requirements with commercial realities in sectors such as agriculture, manufacturing and industrial processing.

Read more...
Preventing and suppressing lithium fires
SMART Security Solutions Technews Publishing Editor's Choice Fire & Safety Security Services & Risk Management Smart Home Automation
SMART Security Solutions asked Clyde Becker, director of Pyro Brand, for some insight into the mechanics of lithium-ion battery fire risks, especially thermal runaway, and to define a comprehensive, layered approach to fire detection and suppression.

Read more...
Cybersecurity needs actual intelligence before artificial intelligence
Information Security AI & Data Analytics
Cybersecurity depends on interpretation. A tool can tell you that something unusual has happened, but people need to determine whether it is a genuine risk, the business impact, and how to respond without causing unnecessary disruption.

Read more...
Duxbury Cybersecurity sharpens reseller offering
Duxbury Networking Information Security News & Events
Duxbury Networking has strengthened its Duxbury Cybersecurity business unit by adding WatchGuard and Cynet, giving South African resellers broader, more integrated coverage for the security risks customers are now asking them to address.

Read more...
Echoes of 2018? Follow-up on Woolworths explosions
Technews Publishing News & Events Security Services & Risk Management Retail (Industry) Facilities & Building Management
SMART Security Solutions follows up with Jimmy Roodt to find out more about an old connection to the Woolworths bombings from 2018. The investigation remains ongoing.

Read more...
NEC XON detects and stops ransomware attack
NEC XON Information Security IoT & Automation
Ransomware attacks rarely begin with chaos. More often, they start quietly, with probing, mapping, and patient reconnaissance inside a target’s network. That was the situation facing a global recruitment firm when cybercriminals attempted to navigate its systems.

Read more...
Next-generation cash-in-transit vehicle
News & Events Security Services & Risk Management
Fidelity Services Group has unveiled a new, purpose-engineered Cash-in-Transit (CIT) vehicle designed to redefine crew protection, deter threats, and enhance operational resilience in an increasingly complex criminal environment.

Read more...
Sara AI Pentesting available in South Africa
Information Security News & Events
Synack and Wolfpack Information Risk are offering Sara AI Pentesting to organisations across South Africa, helping companies move from point-in-time testing to continuous security validation with AI and human expertise.

Read more...
Sophos establishes South African legal entity to strengthen local operations
News & Events Information Security
Global cybersecurity company, Sophos, has announced the formation of its local legal entity, which will support local invoicing, partner enablement, compliance requirements and expanded regional investment.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.