Host Configuration data in the cloud environment should be part of the backup plan.
You should conduct routine tests and restore hosts as part of the disaster recovery plan (DRP) to validate the proper functioning of the backup system.
This thought process is the same regardless of the vendor equipment being used to supply hosts to the organization and the vendor software or hardware being used to create and manage backups across the enterprise.
You need to understand what the critical configuration information is for all the infrastructure you manage and ensure that this information is being backed up consistently in line with the organization’s existing backup policies.
Further, ensure that this information is being integrated into, and accounted for within, the business’s continuity and disaster recovery (BCDR) plans of the enterprise.
The biggest challenge in this area is understanding the extent of your access to the hosts and the configuration management they are allowed to do as a result.
Host Configuration is typically framed with two important capabilities
Control: The ability to decide, with high confidence, who and what is allowed to access consumer data and programs and the ability to perform actions (such as erasing data or disconnecting a network) with high confidence both that the actions have been taken and that no additional actions were taken that would subvert the consumer’s intent.
(For example, a consumer request to erase a data object should not be subverted by the silent generation of a copy.)
Visibility: The ability to monitor, with high confidence, the status of a consumer’s data and programs and how consumer data and programs are being accessed by others.
The extent, however, to which consumers may need to relinquish control or visibility depends on several factors, including physical possession and the ability to configure (with high confidence) protective access boundary mechanisms around a consumer’s computing resources.
This is driven by the choice of both deployment model and service model, as has been discussed previously.
