In Focus Resource Center > Insights

Cloudy With a Chance of Pain

By Kevin Ricci .

For the vast majority of businesses, reliance upon cloud providers has become inescapable, with in-house application hosting rapidly becoming a vestige of a bygone computing era. There are many reasons for transitioning to a cloud solution, including ease of sharing information, scalability, cost savings, and support. Whereas servers hosted in a traditional server room need to be secured, supported, patched, and upgraded, a cloud provider seamlessly handles all of these functions for a business. However, while their advantages may seem to provide a technological panacea for businesses, cloud solutions are not without risk. Dark clouds of a different type, such as unexpected outages and cyberattacks, can quickly rain on a business’s ability to provide services.

As more and more businesses see the rewards of migrating away from onsite applications, cybercriminals have taken notice of the cloud and are seeing benefits of a far more sinister nature. Cloud providers and, in turn, their customers can be severely affected by cyberattacks. One of the largest providers of electronic medical records (EMR) was victimized by a sophisticated malware attack that took their systems offline, leaving their customers without access to critical business processes for several weeks. One of the world’s largest providers of financial and fundraising technology to not-for-profit organizations was compromised and extorted into paying a sizable ransom to restore the hijacked data destroyed by the cybercriminals.

While cybercriminals account for much of the downtime experienced by cloud providers, other outages can also occur without warning. The premier provider of hotel accounting software across North America recently went down for several agonizing days. As their team scrambled to restore operations, their customers were forced to revert to contingency plans and manual procedures in the interim. Even the venerable behemoths Microsoft and Amazon are not immune to experiencing issues with their cloud-based products. Earlier in 2021, Microsoft Teams customers’ calls were routed directly to voicemail after they implemented a change, causing a good deal of frustration. In December 2021, a much more sizable outage was experienced by Amazon Web Services (AWS), which cascaded downstream to many businesses that rely upon its cloud infrastructure technology to maintain their operations. During the seemingly interminable downtime, the impact ranged from Amazon fulfillment centers screeching to a halt to automated Roomba vacuums becoming unresponsive due to their reliance on AWS.

While the cloud is by and large a safe haven for a business’s data, the technology is not infallible. Taking a “set it and forget it” approach is a risk that could result in considerable downtime. To minimize the risk of an unfortunate outcome originating from your cloud providers, here are some steps to consider:

  • Obtain and review SOC (service organization control) reports on a regular basis for both current and future cloud providers to determine whether they have the necessary resources in place to mitigate downstream disruption. These reports are free for customers of the cloud provider and detail the controls that are in place related to data security, availability, processing integrity, confidentiality, and/or privacy.
  • Develop and periodically test contingency plans and workarounds to withstand disruption to a cloud provider’s services. A business should identify what cloud-dependent services are critical to their operations and then determine if and how they could operate if those services were unavailable for an extended amount of time.
  • Obtain a clear understanding of the backup capabilities offered by each cloud provider. It is very important to know if a business can roll back the data in a cloud application to an earlier date. This allows the business to see if information was accidentally or intentionally deleted or corrupted. Performing a periodic viability test of this capability is very important to ensure a business can quickly recover in the event of tainted or missing data.
  • Determine whether a copy of the data can be downloaded from the cloud provider. Should a business determine they want to move to another cloud solution, they may be facing an exceptionally time-consuming process. If a download of the data can be received upon demand, this data entry process could be significantly reduced.


The cloud offers many advantages, but there will always be a chance of rain. By taking a few precautions, a business can protect itself and increase its chances to weather any storms they may encounter.

For more information on securing the data you store in the cloud, contact Kevin Ricci at kricci@citrincooperman.com.

Our specialists are here to help.

Get in touch with a specialist in your industry today.

* Required

* I understand and agree to Citrin Cooperman’s Privacy Notice, which governs how Citrin Cooperman collects, uses, and shares my personal information. This includes my right to unsubscribe from marketing emails and further manage my Privacy Choices at any time. If you are a California Resident, please refer to our California Notice at Collection. If you have questions regarding our use of your personal data/information, please send an e-mail to privacy@citrincooperman.com.