You think data is secured…but do you know?
Four steps to protect your data against disaster in the cloud, by Florian Malecki, Sr Director – International Product Marketing at Arcserve
Is your data truly safe when you move to the cloud? The recent fire at OVHcloud’s data centre in France proves that it is not. The fire impacted millions of Web sites — including government agencies, e-commerce companies and banks — and resulted in a lot of data loss. Some of that data was backed up and saved, but some is now lost forever.
And yet, many businesses still think that if their data is in the cloud, it’s backed up and protected by their cloud provider. Indeed, a recent survey by Arcserve found that 44% of respondents believe protection and recovery of data stored in public clouds is the cloud provider’s responsibility. It’s not.
So why the misconception? For starters, many cloud customers think that because cloud services are now so prevalent and easy to use, they’re also safe and disaster-free. Well, ride-share services are also prevalent and easy to use, but riding with one doesn’t protect you against a car crash. Yes, you don’t have to worry about buying gas or maintaining the vehicle. But once you’re in the car, it’s still your responsibility to act responsibly and make sure you’re wearing a seatbelt. That’s the part many cloud customers forget.
Here are four ways to keep your data safe, even when disaster strikes your cloud provider.
1. Don’t rely solely on your cloud provider to protect your data
When moving to the cloud, companies need to realise that cloud security is a shared responsibility between them and their cloud provider — and that the sharing is not entirely equal. It is you, the customer, who is primarily responsible for protecting your data in the cloud, not the service provider.
Leading providers like AWS, Microsoft Azure and Google Cloud Platform typically secure the core infrastructure and services as part of their responsibility. But when it comes to securing operating systems, platforms, and data, that responsibility lies squarely in the hands of customers. Organisations that overlook this simple fact face a much higher likelihood of suffering data loss.
If you sign up for a service like Office 365, for example, Microsoft clearly states in its terms and conditions that it does not take responsibility for your data. It’s your responsibility to manage and protect your data. Typically, Microsoft will back up your data for 30 days. After that, it cedes responsibility. This is why it recommends that you use third-party software to protect your data in the long-term.
Business owners need to be aware of their responsibility and ensure they have protection solutions in place. They regularly test how they can recover from data loss if it happens.
2. Follow the 3-2-1-1 data-protection strategy
The 3-2-1-1 strategy directs that you have 3 backup copies of your data on 2 different media, such as disk and tape, with 1 of those copies located offsite for disaster recovery. The final 1 in this equation is immutable object storage.
Companies should look for a cloud storage solution that safeguards information continuously by taking snapshots every 90 seconds. This means that even if disaster strikes, you can quickly recover your data. With immutable cloud storage, there will always be a series of recovery points, ensuring your data remains protected.
3. Ask the right questions
There is a list of essential questions you should be asking your cloud provider. You should ask it what procedures it follows for its own business continuity and disaster recovery. You should also understand its service-level standards. Is its service designed to stay up 99% of the time or 99.999%? The difference between just one or two 9s can be the difference between three full days of downtime per year for your business versus 27 minutes of downtime per year. And that difference can have a significant impact on your bottom line.
Also, find out if your cloud provider offers the additional data backup that lets you backup your data to various geographic locations. And if so, is that service built-in, or do you need to subscribe to a third-party data-protection partner to ensure you have the proper data backup and disaster recovery plan in place?
Finally, ask how easy or difficult it is to move to a different cloud provider. Moving from one provider to another is often easier said than done.
4. Have a recovery plan in place
Having the proper backup and recovery plan enables you to protect your data if and when disaster strikes. Your plan should include a simulation of business disruption to assess your disaster recovery plan. It should also include the regular testing of your backup images so you can resolve any issues before they occur. In the OVHcloud fire case, customers who had a recovery plan in place were more likely to escape maximum damage and permanent data loss.
When it comes to data protection, companies should hope for the best and prepare for the worst. Having a solid plan in place will ensure you always land on your feet — no matter how far you fall.