Cloud Blind Spot- Incident Management

Sep 20, 2018

Many businesses are moving to cloud offerings to host their critical applications. It does make sense in many settings to migrate to the cloud. The cost savings, availability, scalability, and lack of hardware investment are all good reasons to adopt a cloud approach to critical business applications.

This approach does come with a risk, and many companies that adopt a cloud platform are ill-prepared to deal with it. Recently, the hosted version of Allscripts was impacted by ransomware, leaving many medical offices without the ability to see patients. Several breaches of trusted systems have impacted the Small to Medium Business space over the past several years.

When companies become dependent on a cloud vendor, and that cloud vendor is impacted, it is still important to have both an incident response plan and disaster recovery plan in place to assist in a rapid return to operation for your company.

Adopting a cloud solution does transfer some risk to the vendor, and you may have a Service Level Agreement that covers some direct costs of an event. There are several indirect impacts that businesses have experienced during an outage or security incident:

  • Frustrated customers
  • Drop in customer confidence
  • A large influx of phone calls
  • Lack of communication channels with the vendor
  • Payroll costs during the outage

While some of these are measurable, they may not be covered by your service level agreement and will require planning on your part.


It’s a good idea to write an Incident Response Plan that accounts for a security breach of your cloud vendors. This plan should include:

  • What your phone operators should say, in a scripted manner that allows them to answer questions while still limiting the information to what is known and accurate.
  • Who is responsible for making decisions on what communication goes out.
  • How to contact your vendor
  • What channels the vendor will use to provide updates
  • How to notify your employees if they are not to come into work

Overall, an incident response plan should ensure that you have a game plan for each of your systems, whether they be internal or cloud hosted. Many businesses seem to dismiss planning once a workload moves to the cloud. In reality, the risks are reduced but still require planning.