Out of Office: Identifying & Managing Risk

Risk Management is an important part of IT. Being able to identify risks and remediation options can make a huge difference if or when disaster strikes. If you've moved part of or all of your enterprise to Office 365, you now have no control over a large portion of your IT environment. But what sorts of risks do you face, and how do you deal with them?

OFFICE 365 IS UNAVAILABLE

Office 365 has become unavailable in the past for one reason or another, and there is a very high likelihood of it happening again in the future. One of the great things about using a cloud-based platform such as Office 365 is that enterprise IT doesn't need to maintain large amounts of the infrastructure. One of the big downsides is that an outage is still their problem to deal with. But what sorts of implications could this have?

What is your organization's plan if, all of a sudden, Exchange Online is unavailable? Will it grind things to a halt, or will it be a minor inconvenience? The same holds true for services such as SharePoint. If all of your critical marketing material is in SharePoint Online and the service goes down, will your salespeople be left high and dry?

MEASURING RISK

Not all risk is equal. Chances are that the risk of a user deleting a document won't have the same impact as something like inbound email coming to a halt. That is why you need to measure these risks. You'll want to consider the likelihood of an event occurring, and what the impact will be if it does.

Why is this step important? By performing an assessment, you'll be able to identify areas where you can mitigate, or possibly eliminate, risks. Knowing their impact is extremely important for justifying priorities, as well as budgets.

MITIGATING RISK

As enterprise customers, we can't control how Microsoft maintains their services. But what we can do is understand what our critical business processes are, and build contingency plans for when things fall apart.

Let's use an inaccessible Exchange Online service as an example. How can you mitigate this risk? If you are running a hybrid deployment, you might be able to leverage your on-premises services to get some folks back up and running. Other options might be services from Microsoft partners. There are, for example, services that allow you to use third-party email servers to send and receive emails if Exchange Online goes offline. When service returns, the mailboxes are merged, and you can keep chugging along like nothing happened.

If you measured your risks ahead of time, you'll hopefully have noted such a possibility.

BACKUPS

Service availability isn't the only risk. Data goes missing. Whether it is "lost," accidentally deleted, or maliciously targeted, data needs to be backed up. If you've moved any data into Office 365, you need to think about how you are going to back it up. Not only that, but what if you have to do a large restore? How long would it take you to restore 1 TB of data back into SharePoint? What impact would that window have on users?

Although a lot of the "hands-on" management is removed from IT shops when they migrate to Office 365, that doesn't mean that their core responsibilities are shifted. At the end of the day, IT staff are responsible for making sure that users can do their jobs. Just because something is in the cloud doesn't mean that it will be problem free.

  • I worked for a company that installed gate systems for parking garages (among other things). I sold a project in Orlando one time where we had a penalty/bonus assigned to the contract. For every day we missed the deadline we lost $1000, but if we were ahead of deadline we received an additional $500 for every day ahead of time. My company was very good about making deadlines, but this gave us incentive to install 8 days early. $4000 may not sound like a lot, but on a $20,000 project that's a big chunk.

    No one wants to think about disasters, but with good negotiations an SLA can be of better value.

  • Good point about the SLAs. However, I've often found that credits from SLAs rarely come remotely close to the actual value lost during downtime. That is something that folks (managers, execs, users, etc.) need to be aware of. Yes, you may get money back if you can access your email, but is something like a few dollars an hour really of any value?

  • Be mindful of Cloud SLAs and agreed-upon maintenance windows. Then make sure your support teams sign up to receive notifications for them. (Yes, this sounds so basic but you would be surprised. Horribly, horribly surprised...)

    Many CIOs and decision-makers will sign off and "shift blame/responsibility" off to the vendor based on solid SLAs. No one gets fired for recommending O365. The $$$'s make too much sense. But if the service is garbage the CIO can fall back on the SLA...

  • Don't be surprised if there is some liability waiver clause in there somewhere...the Get Out Of Jail Free clause.

  • But we have an SLA that protects us. "Did you read the fine print?  Did you read the EULA?  Those both negate all the protections if we decide there is no benefit to us."
