Solutions Review’s Expert Insights Series is a collection of contributed articles written by industry experts in enterprise software categories. In this feature, Arcserve Director of Product Management Ahsan Siddiqui offers the essential data loss prevention best practices to know right now.
Many organizations still think that data protection is the responsibility of their cloud provider. They assume that the provider will handle all aspects of data protection, including backing up and recovering the data.
They are mistaken. Thinking that data protection is the responsibility of your cloud provider is a dangerous mindset because it can lead to a false sense of security. It’s like thinking that because a grocery store is convenient and offers a wide variety of items, it guarantees the safety of all its food products.
Just as it’s your responsibility to check expiration dates and make sure you’re buying products that won’t make you ill, it’s your responsibility as a cloud customer to ensure you’re using the service wisely and protecting yourself from potential disaster.
While cloud providers do take steps to protect their customers’ data, it is ultimately the customer’s responsibility to ensure that their data is backed up, secure, and recoverable. The cloud provider cannot control all factors that could lead to data loss, such as user error, hardware failure, natural disaster, or malicious attack.
In today’s digital landscape, data is the lifeblood of the enterprise. Losing it can be catastrophic. It can result in loss of customers, brand reputation, revenue, and, ultimately, the enterprise itself. And data loss does happen. For example, a study conducted by Enterprise Strategy Group found that 81 percent of Microsoft 365 users have had to recover data, but only 15 percent were able to recover all of it. Experts predict that over 70 percent of companies will ultimately experience business disruption due to data loss from SaaS applications.
2023 could be the year we see the first major SaaS outage. Say a hurricane comes, and a cloud provider’s server farm crashes. Then what? That’s when the message will hit home very quickly that data backup and protection must be front and center.
The good news is that more organizations realize data loss could happen to them—and if it does, it’s their job to recover the data. When asked in a recent survey whose responsibility it is to recover data and applications in a public cloud in the case of an attack or loss of data, 57 percent of respondents said it’s their responsibility. Only 43 percent said it’s the job of their cloud provider.
That’s a good sign. But too many IT decision-makers still rely on their SaaS vendors for data protection. Organizations need to address this disconnect. Businesses must understand that their data is their responsibility.
Just as you would check the date on a carton of eggs before putting it in your grocery cart, you must implement proper security measures to protect your data in the cloud. Here are three strategies to ensure the security of your data, even if your cloud provider experiences a disaster.
Data Loss Prevention Best Practices
Do Your Due Diligence
Ask your cloud provider several vital questions to ensure it can deliver security and continuity for your business. For starters, what measures does the provider have in place for business continuity and disaster recovery? What are the service-level standards for uptime? For example, is the service designed to be operational 99% or 99.999% of the time?
The difference can significantly impact your business; 99.999% equates to minimal downtime, whereas 99% equates to several days of disruption per year.
It’s also important to ask whether the provider offers data backup services. If so, are they included in the subscription, or do you need to secure additional coverage through a third-party partner? Also, how straightforward is it to switch to a different cloud provider if necessary? Considering this is essential, as moving between providers can sometimes be a significant hassle.
Have a Backup Plan
The 2021 fire at OVHcloud’s data center in France highlighted the potential risks to data in the cloud. The incident affected many websites, including government agencies, e-commerce businesses, and banks, and resulted in data loss for some. While much of the data was backed up and recovered, other information was lost forever.
A good backup and recovery plan is essential to protect your data in the event of a disaster, whether natural or man-made. Part of your plan should involve simulating a business disruption to test and assess your ability to recover. It’s also important to regularly test your backup images to identify and fix any potential issues before they occur. In a disaster, it is critical to ensure that the backed-up data is available and can be quickly restored.
The OVHcloud fire is an example of the importance of having a recovery plan. Those customers with a plan in place at the time of the fire were more likely to minimize damage and avoid permanent data loss.
When you evaluate cloud providers, make sure that the provider you choose offers immutable storage. Immutability is a type of data storage in which, once data is written, it cannot be modified or deleted. Any changes to the data must be made by writing new data rather than by altering or deleting existing data. Immutable storage protects data integrity and ensures that data remains unchanged over time.
In the case of a ransomware attack, for example, attackers may attempt to encrypt or delete data to disrupt a system’s operation or demand a ransom for the decryption of the data. The
attackers cannot alter or delete the data if the organization uses immutable storage. The company can use it to recover from the attack even if the attackers successfully encrypt or delete other data.
Similarly, in the case of a system outage, immutable storage can be helpful because it enables organizations to access a copy of their data. It can be essential in cases where the outage occurs due to a hardware or software failure, as it may be difficult or impossible to access the data stored on the affected system.
Immutability is a must-have for any cloud provider. Selecting a cloud provider without immutable storage is like renting a car without a spare tire. Just as a spare tire is essential for any long road trip, immutable storage is crucial to any reliable and resilient cloud infrastructure. Without it, you leave yourself vulnerable to data loss or corruption from external threats or system failures.
The abundance of vital documents, records, and communications now stored in the cloud means that data loss is not an option. Organizations must back up all mission-critical data and ensure it is fully recoverable. However, it is also essential to understand that your cloud provider is not responsible for safeguarding your data. In the realm of data protection in the cloud, it is wise to hope for the best and prepare for the worst. A solid plan will ensure that you’re ready for any eventuality.
- Expert Reveals 3 Data Loss Prevention Best Practices to Know - January 26, 2023
- Data Resilience Strategy: Consider a Multi-Layered Approach - December 1, 2022
- A Five-Step Ransomware Disaster Recovery Plan Template to Consider - August 10, 2022