Posted by Anna Nicholls on 29-Nov-2019 12:40:46

Do you know where your cloud data is?


According to the findings of our latest survey, many of you don’t…

We recently sent a survey out to businesses utilising cloud based IT systems, and the results are pretty worrying.

A quarter of the businesses surveyed didn’t know whether their data remains in the UK. 42% were unable to confirm where their data centres are located. This has the potential to cause major compliance challenges under regulations such as GDPR and the NIS Directive, and data hosted outside the UK may also have an impact on latency. Your data centre should be able to advise you on whether or not data sovereignty is guaranteed. If regulation dictates that your data must remain in the UK, you need to be able to prove that the necessary steps have been taken to comply.

Speaking of compliance, a third of survey respondents didn’t know whether their data is stored in an ISO compliant data centre. Certifications such as ISO27001, along with other certifications and accreditations outside of ISO will tell you how much time and effort the provider dedicates to security and compliance. It’s easy to look at a cloud provider’s website, see that a particular accreditation is listed, and take it at face value rather than undertaking an in-depth review of the relevant documentation. A cloud provider worth working with, should have no problem with you auditing their data centre premises.


More worryingly, 43% of respondents didn’t know whether their data fails over to a secondary location during an outage.

The ramifications of this are huge. If the data centre housing your data experiences an outage, this could render your business out of action - potentially indefinitely. It’s vital that businesses understand what will happen during an outage. What is the hosting provider’s uptime SLA and what technical controls are in place to ensure this is met? At the hosting platform level, what kinds of redundancy measures and resilience features will protect your business from the effects of downtime? In the case of power outages, what level of UPS redundancy is available from the data centre? In case of network outages, how diverse are the network connections to and from the data centre? Does your cloud live in an area with a high environmental risk profile? Would it be possible for you to retrieve your data in the event of an outage?

A resilient cloud solution will see your company data replicated to a secondary site, with a seamless failover meaning no disruption of service to your end users in the event of an outage. 

Active-active cloud is a failsafe way to replicate. Continuous, real-time replication to a secondary cloud platform through active-active technology will provide a seamless continuation of service in the event of a failover. Remember though, in this scenario mistakes and deletions are also replicated to the secondary platform, so a backup is still important here - don’t assume that a replicated cloud platform replaces your backup - it doesn’t.

You can read more about the benefits of this type of active-active cloud platform, here.

67% of the companies surveyed, didn’t know whether their cloud provider owned the data centre they’re using, and a whopping 92% have never visited the facility where their data is held. We would always recommend a tour of any data centre facility that you’re considering using, and any good data centre will be happy to accommodate tours. Not only does this allow you to see first hand the security procedures and processes to ensure resilience, but it also gives you an opportunity to meet the people that you’ll be working with, making sure the company is a good fit from a relationship perspective going forward. 


50% of the businesses surveyed didn’t know the tier rating of their data centre. Data centre tiers were designed to help people quickly identify the level of redundancy and complexity that a data centre infrastructure has to offer.  And although tiers don’t always tell the full story, they are a good way of helping you decide whether a particular provider offers a suitable level of resilience for your needs. Tier 1 is the lowest, and Tier 4 offers the greatest level of redundancy. It’s all about assessing the business need, and while a Tier 1 data centre might leave you open to some risk, a Tier 4, for most businesses, can be an over investment.

You can read more about data centre tiers and what they mean, here.

When you move some, or part of your infrastructure to a cloud platform, it is vital that your data is in the safest possible hands. Time spent researching cloud vendors, technologies, and data centre partners will reap dividends compared to the potential losses brought about through inadequate security, lack of compliance and poor resilience and redundancy. 

If you want to make sure you’re asking the right questions, check out our free download - 10 Questions You Should Be Asking Your Cloud Provider.


Topics: disaster recovery, redundancy, resilience, cloud hosting, data centre, security, business continuity, cloud, data sovereignty, compliance, cloud server hosting, GDPR, ecommerce hosting

Anna Nicholls

Written by Anna Nicholls

Have your say