Conducting Business in the Cloud - Best Practices to Ensure that Your Data Is Safe
An article by Chris Seib, taken from the November/December 2012 issue of HBMA Billing.
Today, consumers and businesses in all industries are transitioning their data
to the cloud, from music and pictures to mission critical data. The cloud is not
just being used for data storage and retrieval; it also supports business
functions like Customer Relationship Management (CRM), accounting, processing
functions, and cash flow. These business functions, especially cash flow, are
essential to billing services.
What if an error caused your business to go down for an hour? This might be just an inconvenience or could result in lost revenue or extra labor costs. However, what if it went down for a few days? In most cases, this type of event would affect your business in a material way. While moving to the cloud greatly enhances the way you can use data and conduct business, it also presents new risks to you and your clients.
As a billing service, it is critical to ensure that your processes and functions have business continuity and true availability in order to protect yourself and your clients from experiencing any material loss. It is often easy to underestimate the cost of critical vendors being down until it is too late. Worse yet, many vendors claim to be reliable but may take shortcuts to save costs, which can have a very significant impact on you and your clients. Here are some best practices and tips to use in discussions with current or potential vendor partners when leveraging the cloud for your business functions.
Local High Availability and Fault Tolerance
Most downtime is caused by hardware failures rather than natural disasters. In fact, between two and four percent of data center-grade hard drives can be expected to fail each year (nearly four times as likely as manufacturers will claim1). A private cloud data center must be architected at all layers with this in mind to minimize any disruption from these events. This is often referred to as "high availability" or "fault tolerance."
Power and Cooling
A private cloud data center should have complete power redundancy. In most cases, this means having two separate high-priority feeds from the local power company; battery backup; generator backups; and high-end electrical equipment available to ensure seamless switching between these sources. Many vendors have a simple, low-end uninterruptible power supply (UPS) that may only supply minutes of backup. It is crucial to have multiple generators with fuel supply contracts so a data center can run indefinitely.
In private cloud data centers, it is critical to have
adequate cooling. Cooling systems must be completely redundant with high fault
tolerance. Many data centers only have a single air conditioning unit, which is
often insufficient when there is a heat
Tip: Ask vendors when their backup power supplies were last tested. How much downtime is expected if the power company has a complete blackout? How long could they keep services up if there was a complete power blackout? Ask them to prove it by sharing testing results and allowing a tour of their data center facilities.
Hardware Best Practices
When it comes to data center hardware, the rule of thumb is to always have one more than is actively needed (IT people call this N+1). If one firewall is needed, two firewalls should be available, and they need to be configured for zero-downtime failover.
Furthermore, there should be no single point of failure: every component must have redundancy. Storage area networks should have redundant drives, hot spares, and multiple controllers. All layers of the system must be included, and individual components should have high availability in order to avoid downtime.
Many vendors often claim to have redundancy, but they still show single points of failure that can be exposed and cause extended downtime.
Having multiple pieces of hardware is all well and good, but what is truly important is that these pieces are interchangeable with no customer impact (otherwise known as immediate failover). Many vendors claim to have standby servers or equipment, but it will take hours or days for that new equipment to come online.
Tip: Ask vendors to prove that they have complete redundancy of all components and that they regularly test the failover.
At a private cloud data center, it is important to have proactive monitoring and alerting in place with adequately trained, professional IT staff who are familiar with the applications and services. This helps ensure that any issue or degradation is identified early and resolved quickly before any customer impact occurs. Issues will happen; hard drives fail and network issues are common, but in almost all cases, there are early warning signs.
Tip: Ask vendors to describe their data center monitoring and alerting procedures.
As more billing services transition to the cloud, it is crucial to ensure that your data will be safe when disaster strikes. Leveraging the cloud can significantly enhance the way you conduct business, but you must first take these precautions to protect yourself and your business.
Watch for the second segment of this article featuring additional best practices for disaster recovery, business continuity, and security in the next edition of Billing.
Chris Seib is the co-founder and CTO of InstaMed, the leading Healthcare Payments Network. Prior to InstaMed, Chris was an executive in Accenture's Health and Life Sciences practice, focused on architecting and delivering portal and connectivity solutions. Additionally, Chris has managed multi-project initiatives such as eCommerce development, software application development, and operations. Chris has certifications and expertise in programming, architecture, Microsoft technologies, database technologies, networks, network architecture, security, and project management.