What are best practices in cloud storage contingency planning?

I for one have been using various flavors of this for about 15 years; while no disasters* have hit, I've been impressed by the utility of small scale repairs (power out, room flooded, etc).

In my experience, the current providers are doing the right things: redundant geographically; good recovery tools; virtualized server backups...as far as performance, the providers out there are in a very competitive market, and there are non-finite solutions to meet your specific needs. We could do all of this when I was at IOS a decade ago, and it has gotten much, much better.

Regarding security, there are flavors. Peter Magnusson over at Google had a great presentation on this last year at CloudConnect; in the debate over proprietary clouds and open clouds, in theory the proprietary one is safer as it is like a walled city. A highly controlled environment like that can offer levels of verification that an open system can't. It is, however, a big target, so there seems to be a tradeoff.

Generally speaking, however, these guys are heavily reliant on trust and focus on security, so they do the right things right. It isn't a guarantee, but likely they can do a better job than your own shop. On the list of things to worry about, this one is relatively low for me. Device level security is much, much higher.

The one where I've not seen the majors do a good job yet (I stopped looking for this 3 years ago) is in protection from deemed-export. You can get your own server at Rackspace and lock it, and meet the guidelines, but that is just hosting. To meet ITAR and related requirements requires a dedicated infrastructure cloud-wide. If you look at Nexprise, for example, they provide this but by giving you (in most cases) dedicated space. That is not cloud.

*Perhaps I've been jaded because I could recover from flooding? Had I not, it would have classed as a disaster.