Organizations in both the private and public sectors have increasingly turned to cloud service providers (CSPs) to support their technical infrastructure, primarily to reduce IT costs and increase the efficiency of computing resources. In many cases, CSPs can also offer protection from security threats and increased cyber resilience — though customers often face trade-offs when they rely on cloud providers for these protections.
In the area of cyber resilience, in particular, organizations can offload much of the responsibility for keeping computer systems up and running by relying on cloud service providers, but this also means relinquishing much of their own control over those resilience measures.
Defining Cyber Resilience
The resilience of computer systems can mean slightly different things to different organizations. For some, it refers to maintaining a system that never goes down, while for others it refers to a system’s capacity to recover from incidents and outages as quickly and painlessly as possible.
The National Institute of Standards and Technology (NIST) defines the resilience of information systems as “The ability of an information system to continue to: (i) operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (ii) recover to an effective operational posture in a time frame consistent with mission needs.”
The Cost of Downtime
Although the types of incidents and their consequences vary from business to business, a connection between cloud service providers cyber resilience
