In this article, you'll read about,

• why effective business continuity management is important,
• what advantages the public cloud offers in terms of resilience,
• and which seven measures ensure a resilient cloud.

A widespread power outage brought things to a standstill in the Dutch province of Flevoland this fall. Faults in two substations temporarily paralyzed the power supply in the region, which is located northwest of the capital Amsterdam. Police restricted road traffic and train services were cancelled. The outage also had consequences for the data centers in the region: They had to resort to the emergency power supply. This included the Open Telekom Cloud facility. Did this lead to service outages or data loss? Not at all. Because the switch to the emergency power supply went smoothly. And operations continued accordingly without interruption.

 What measures are particularly important? Andreas Falkner has compiled a list:

• Twin core: Twin-core data centers are built as identical facilities. If the infrastructure is designed accordingly, information and systems are also permanently mapped in the twin data center. This means that data is available even if there are malfunctions or failures in one of the two. The service continues to run seamlessly.
   
• Georedundancy: Georedundancy means that two data centers at different locations mirror each other's data and can take over each other's functions in an emergency. For full georedundancy, the German Federal Office for Information Security (BSI) stipulates a minimum distance of 200 kilometers so that, if possible, they cannot be affected by the same event.
   
• Physical protection of data in the data center: Decisive factors for data centers and their IT security include the choice of location, the greatest possible protection against natural disasters such as floods, earthquakes, etc., fire protection, access controls, security zones in accordance with BSI specifications, and emergency power generators to bridge (short-term) power outages.
   
• Cyber security: Providers need a multi-level concept to identify and defend against potential threats as well as attack patterns. Suitable measures include firewalls, intrusion detection systems, and various encryption techniques. Telekom also has dedicated security specialists on standby around the clock in the form of the Cyber Emergency Response Team.
   
• Cloud incident management/response: Providers need processes, tools, and expertise in order to identify, document, and deal effectively with threats and critical incidents with potentially far-reaching consequences in a standardized manner.
   
• Solid backup and recovery solutions: Regular, automated backup of all important or critical data in an unalterable format protects against data loss. Instant recovery procedures allow data to be restored immediately, minimizing downtime and ensuring high availability.
   
• Regular testing: Possible problem and failure scenarios should be deliberately provoked on a regular basis and constantly recombined in order to analyze the reactions of the cloud as well as to define new security measures. Adaptive systems based on artificial intelligence and machine learning expand the cloud's ability to respond flexibly to critical incidents.
   

"Today, companies and organizations can no longer afford failures and downtime. They cost time, money, and customer satisfaction," says Falkner. "That's why it's important to check which business continuity measures are in place when selecting cloud solutions." To this end, the Open Telekom Cloud offers its users numerous services and the highest security standards – from the comprehensive physical protection of its data centers to georedundancy and cyber defense. And when it comes to data backup, it always ensures compliance with European data protection regulations in accordance with the GDPR.

It is also important to be aware of the fact that with a public cloud, the principle of "shared responsibility" applies. This means that it is clearly defined which measures are the responsibility of the provider and which are the responsibility of the customer. For example, the provider provides corresponding services such as backup and recovery solutions, while use and management are the responsibility of the customer. "If the relevant expertise is not available in the companies, our service team is on hand to provide advice," says Falkner. "There is also the option of managed services. Here, we take over the setup and management of the entire environment."