Not your disaster recovery. We mean disaster recovery for the cloud provider itself. Despite the temptation to believe that you no longer have any worries because you’ve handed your data and applications over to a supposedly reputable third party, IT disaster can still strike even the biggest providers.

If so, they might refund you last month’s subscription. You might swear to never do business with them again.

But you are still responsible for any loss, damage or theft of your data, and for cleaning up any public relations mess that goes with it. Let’s dig into what you should know about your cloud provider’s own DR plans.

First, if you think that cloud providers are too big and too safe for anything untoward to happen, then think again.

Outages happen, even to the best of them. Data corruption is always a possibility when you yank the power cord out of a server without booting it down properly, not to mention the embarrassment of trying to explain to a major customer why a service or transaction just failed.

Nobody has blown up a cloud provider’s data centre yet (or else they’re not telling), but cloud providers are vulnerable to other risks, like hackers, human error and malicious insiders. Sometimes they also go bankrupt.

Of course, cloud providers often have replicated data centres, which help to get around IT failure.

You’ll need to know how replication is done and how frequently. Data centre security and associated processes should also be vetted, including both physical security (e.g. nobody gets in without an iris scan) and cyber security (firewalls, intrusion detection, or other).

You can also make your own arrangements for replication, such as keeping copies of data on site as well as in the cloud, or using a second cloud provider.

Encryption of data as you send it to or store or use it in the cloud will at least help stop bad actors getting their hands on it. But don’t just assume the cloud provider has it all under control – check and take your own precautions as required.