Data in the Cloud: The Truth Every IT Professional Needs to Know
IT professionals must remember that just because data is stored in the cloud does not mean it is backed up. Here's how you can keep your data safe.
By Rob May, CEO, Backupify
Companies are increasingly moving their important, sensitive data to cloud-based SaaS applications such as Google Apps, Salesforce.com, and Dropbox. Although the benefits of storing data in the cloud are numerous (convenience, cost effectiveness, etc.), it's important for IT professionals to understand the importance of protecting and owning their data, whether it's stored on-premises or in the cloud, in the event of loss or corruption.
According to a recent report by Forrester Research, SaaS application usage continues to increase with no sign of slowing down. In fact, firms say on average they expect to deploy 66 different SaaS applications in the next two years. Additionally, according to Frost & Sullivan, nearly two-thirds of IT administrators surveyed claim that Google plays an important part in their IT infrastructure, and one-third placed Google as the core of corporate IT.
In short, companies everywhere have put their bets on the cloud and cloud apps, and many share the common misconception that data stored in Google Apps and other SaaS applications is automatically backed up. The truth, however, is that data loss is a reality and there are several ways it can happen, many of which IT professionals might not be aware of.
By far, the number one culprit is user error. Within the user error category, there are a variety of sub-categories, most of which could be described as accidental deletion, which occurs when a user overwrites correct information with incorrect information. Unfortunately, most cloud providers cannot easily reverse such user errors, such as when an employee working on an important document accidentally overwrites the data. Because no copy of the data is available, important information is forever lost and must be recreated, wasting time and resources.
Another common cause of data loss occurs during migration, the process of moving on-premises data to the cloud or from one cloud provider to another. This tends to happen, for example, when a company decides to make the switch from Dropbox to storing its data on Google Apps. Data loss and corruption can occur during the migration process and when the process is complete, the IT professional notices there are important e-mail messages or files missing -- but nothing can be done. That data is most likely lost, and again, will have to be recreated.
The most well-known (but not most common) form of data loss and corruption is perhaps the scariest and most unsettling. Hacked accounts represent eight percent of data loss cases in the cloud. Whereas in the past cybercriminals most often targeted on-premises systems, they are now targeting small, private enterprises that have begun to store critical data in SaaS and other cloud-based systems. Financially motivated cybercriminals want to steal copies of customer data and intellectual property that they can easily monetize. For example, the Target data breach, which occurred between November 27 and December 15, 2013, affected at least 40 million credit and debit card accounts. Hackers stole personal information -- including names, phone numbers as well as email and mailing addresses -- from as many as 70 million customers as part of that hack.
There is another type of cybercriminal who is politically and socially motivated and hacks as a form of retaliation for some real or perceived offense. These groups of cybercriminals are known as "hacktivists." The most recent threat of "hacktivism" occurred prior to and during the Sochi Olympics when distraught citizens threatened to take down any government site that supported the Games. In the end, the damage was limited, but data hacks on government and political sites could result in major data loss, and thus, extreme international problems.
Organizations of all sizes and types are moving their mission-critical data to the cloud. This includes entire cities, educational institutions, and technology companies, to name a few. As this continues to happen, and SaaS applications become more common, important information is now spread out among several cloud service providers. For example, some company data might be stored in Google Apps, and other data stored in Salesforce.com, creating a siloed cloud ecosystem.
As more companies turn to the cloud to store their most important data, IT professionals must ensure that they are closely monitoring and updating their IT best practices. This includes:
- Better password management
- Staying current with the latest compliance and data security regulations
- Ensuring that there is always a backed-up copy of their data
IT professionals must remember that just because data is stored in the cloud does not mean it is backed up. To improve IT best practices, organizations should consider managing all of their data in one place. One way to do this is by deploying a cloud-to-cloud backup system that allows for a second copy of all information so the organization can retain ownership of all of its data. The solution will not only benefit the institution at hand, but also create a seamless process for IT professionals to keep data always available and protected in the cloud.
Cloud-to-cloud backup is a specific type of off-site backup that duplicates data in a software-as-a-service application (such as Google Apps or Salesforce) and stores the duplicate information in another SaaS system. It takes data in one cloud app and backs it up in another cloud app, never involving a local hard drive or storage system.
Before IT professionals entrust data to a cloud application backup system, it is critical that they validate that the vendor has its own backup and recovery plans in place. If the vendor is using its own data center to host the backups, then they should be able to provide details on their redundancy, distribution, and availability levels as part of their service-level agreement (SLA).
Backing up data in the cloud can have unforeseen benefits. For example, if a business application goes down the day an executive needs to deliver an important presentation or access a critical contract document, backup can save the day if it can be accessed independently. The backup can only work in this case if:
- Backup sets can be accessed even if the source application is down
- Backup sets (or items from them) can be downloaded or exported
- Downloaded items arrive in a format that you can use without the source application
For example, if Google Drive were unavailable and an employee needed a Google Docs word processing document from his or her Google Apps account, the user would need to make sure that their backup provider allowed them to log in even if Google Apps were down. They would also need to make sure that they would be able to download the document, and that the download would give them the file in Microsoft Word, RTF, or some other useable form. Different vendors provide different levels of service for this use case. For example, some Google Apps backup vendors use the Google OAuth service to allow access to backups, so a Google authentication outage also means a backup outage. Be sure to ask about independent access.
IT professionals may choose to consolidate cloud backups with a single vendor. If so, it's important to select a vendor that covers as many cloud applications as the company has or plans to have in the future. Consolidation with one vendor reduces costs, reduces management overhead, and may make it easier to perform archiving or restores when all data for an employee (across applications) is needed. If a company chooses to consolidate, they should consider all the cloud applications they wish to back up today and in the future. Because cloud backup solutions require custom coding to the API of each individual cloud application, each vendor has chosen a different set of applications to support.
Note that if a company is selecting its first cloud application backup vendor and has not yet decided whether to consolidate backups, then it is advantageous to choose a vendor with the widest possible application coverage because it leaves options open to a possible consolidation in the future.
There are many ways to restore data back into a SaaS application. Some backup services require companies to export and then import the data manually a second time into the source application. Others can more conveniently "restore in place" and put the information right back where it was before you lost it. If restoring-in-place, make sure the restoration process clearly marks the restored data back in the source application, especially if multiple versions may be visible to users. Most vendors who support in-place restores make use of application tags to label restored data. Also, vendors offer different levels of support in user interfaces: for single item restores, multi-item restores, or even full restores of the entire set of data for that user. All needed use cases should be supported.
Finally, it's important to remember that the cloud-to-cloud backup vendor will be holding a second copy of the company's data: any assurance that the vendor itself is following security best practices is to the company's advantage.
Rob May is the CEO of Backupify, a company specializing in cloud-to-cloud backup and disaster recovery. He can be reached at email@example.com.