Data loss in the Cloud.

Written by: Daniel Pitcher |

Think you are immune? Data loss in the Cloud happens.

The idea that your data is already safe is one of many misconceptions we encounter around the subject of “the Cloud”, but almost 80% of organisations using Software-as-a-Service (SaaS) have lost data*.

While Cloud computing has become increasingly popular in recent years, a large number of organisations we meet are not backing up their SaaS data. In a lot of cases, they haven’t even considered it.

This appears to stem from a widespread misunderstanding of what the Cloud is and the risks of storing your data there; and let’s face it, the definition of “the Cloud” is as foggy as the water vapour hovering above our heads that it’s based on.

Many of us think of the Cloud as a backup tool or location, as in most cases this is exactly what we were using it for when we started to regularly use the term.

We started leveraging faster internet speeds and increasingly cheaper, online storage platforms to back up our on-premise systems. We could now remove the manual processes, vulnerable to human error; a burst water pipe in the server room on the day you forgot to take the tape home was no longer a risk.

We started using synchronisation services like Dropbox, OneDrive and Google Drive for mirroring our data across our computers and the internet. When your laptop died from a red wine related incident, conveniently, you would load the software on a new computer, or log in to the web portal, and, voila! Your data was back.

The providers of these services needed our trust. To do this, they invested in the technologies to make their systems highly available, redundant and resilient against disasters. Whilst our cloud-backup data and our cloud-synchronised data was not our live production data, we had reassurances that it was robust.

Today, more organisations than ever are using SaaS to run their critical applications. As we began to see the advantages of storing our backup data in the Cloud, it became more and more apparent that we could utilise the Cloud as an alternative to our on-premise systems. We kept our live production data on someone else’s systems, reducing our capital outlay, upfront investment and general IT overheads to achieve a more predictable expenditure. This was a winning formula for software developers, because they could now charge us a small, regular subscription to access their tools, rather than trying to convince us to buy a new version every 3 to 5 years; a steady income stream. It’s no surprise they now push and develop their online services over their on-premise offerings.

But with so many of us using Cloud-based services to store our critical data and applications, why are we overlooking the protection of these systems?

It may sound daft, but a lot of people we speak to don’t think you have to backup “the Cloud”. And there are a number of reasons for this.

Some people don’t even consider data loss in the Cloud a possibility, but as we stated above, data loss in the Cloud happens. And if it hasn’t happened to you yet (and it is fairly likely it already has, possibly without you even being aware of it), it is only a matter of time.

The top reasons* given by organisations for Cloud data loss are accidental deletion, loss of data during SaaS migration, accidental overwriting and hacking. And this is just in the instances that those organisations were aware of the data loss.

Human error is the biggest danger. Regardless of where you store your data or run your applications, if people interact with it, you are vulnerable to this. You can attempt to mitigate this with training, policies and procedures, but errors are inevitable. Sometimes, those people may not advertise the data loss, maybe wanting to avoid repercussions, even starting their work over.

Even if human error isn’t a factor, you also have to contend with malicious acts that lead to data loss from cyber-attacks, hackers and ransomware. We’re all under bombardment from malicious third-parties who are continually looking to overcome our technological barriers and socially-engineer their way in to steal our data, often for financial gain. And now, with more and more organisations storing their critical information with the big providers, like Google, Microsoft and Amazon, these high-profile targets are an even tastier, one-stop shop. And perhaps, by embracing these platforms, we may have made their job easier.

And don’t forget the disgruntled employee. Whilst they are working for us, they have our trust and many freedoms with our data. Unfortunately, that often includes the ability to delete or corrupt it, regardless of whether we store it on-premises or online.

Data can also be lost whilst migrating to and from Cloud platforms. These routines, whether going from on-premise to online, online to on-premise or online to online, introduce risks of data corruption, errors and incompatibilities. And these risks are equally applicable when incorporating third-party plug-ins and services.

Often people we speak to, think the service provider is protecting their data. To an extent this is true. As we discussed earlier, the providers have redundant systems, hardware and multiple sites, along with their own backups. But these are geared up to ensure they continue to provide service. Those backups are not there to protect your data and those systems, and unlike your old on-premise backup tapes, are not directly accessible to you.

The small print of most service providers will state that the backup of your data remains your responsibility, especially when the loss is caused by your own staff. And whilst the provider losing your data is a relatively small risk, there have been instances in recent years, where customer data was lost due to irrecoverable failures. And those that didn’t read the service level agreements closely, were caught with their trousers down. In late August 2019, an Amazon Web Services power outage led to irrecoverable data loss, with one affected customer tweeting “Reminder: The cloud is just a computer in Reston with a bad power supply”.

This ties in nicely to a point that is often raised correctly, that data stored in the Cloud, isn’t vulnerable to a disaster at your own premises. That doesn’t mean it isn’t vulnerable to disasters in the Cloud, or the many other more common factors that can lead to data loss. It is still just a server, just not yours.

Some providers provide add-on backup options to accompany their services, but it is important to examine these closely. These backups aren’t always that flexible or customisable to your needs. Recovering data from them may prove more challenging than you expect, costing precious operating time for your organisation.

You should be asking; How useful are these backups? How frequent are they? What format are they available in? How quickly can you get access to them? How long would it take you to restore them? Can you do item-level recovery? Can you only do item-level recovery?

If you run a hybrid environment, with some applications and data on-premise and some online, you may feel comfortable because you have a tried and tested, on-premise backup system. But it is critical to be aware of what data is located on-premise and online. It’s easy to make assumptions about what data is covered by these backup routines and overlook where an application stores its data, particularly as you migrate to SaaS applications. It’s not always clear.

Due to the ease of accessibility of SaaS applications to the end-user and the challenges in policing online activity, we often find staff members have started using SaaS applications internally, without a formal adoption within the organisation. You may find your people are storing data in Cloud platforms that aren’t protected by your on-premise backup system.

No matter how much you have invested in your on-premise backup system, it will be no use to you if the data you need to recover is only stored in the Cloud.

Finally, it’s important to understand the value of the data you are storing in the Cloud. Many of the features and tools we utilise in the Cloud through SaaS are so simple and basic that it’s easy to forget the value of the data we are putting through it, and dismiss the importance of backing it up or recording it.

Software such as Teams and OneDrive can often be used for sharing drafts, ideas and conversations that aren’t stored elsewhere. Whilst these interactions are often quick and routine, these can provide traceability and history that may be more critical than it appears. Don’t assume that data stored in SaaS applications isn’t worth backing up.

Digital Network Solutions (DNS) is experienced in both traditional and Cloud technologies and offers a range of solutions for backing up your data whether you store it on-premises or online (or both). To learn how we can protect your data, call us on 01603 778255, visit our website www.dignetsol.co.uk or email us contactdns@dignetsol.co.uk.
 

*Figures obtained from the SPANNING Global Data Protection Survey Report 2016
Music credit: https://www.royaltyfree-music.com