Should you trust your cloud provider to protect your data?
Around the world, businesses are moving to the cloud at a rapid rate. But Leo Lynch questions whether the cloud is really the best place to store your mission-critical data and applications?
Around the world, businesses are moving to the cloud at a rapid rate. But is the cloud really the best place to store your mission-critical data and applications? Is it truly a safe place to put data and apps that need strong protection?
The immediate answer from many companies is “yes.” A recent study by Dimension Research, commissioned by StorageCraft, found that 55 percent of Australian and New Zealand businesses believe data backed up to the public cloud is safer than data backed up on-premises. Further, the study showed that nearly 38 percent of the same businesses believe it is the responsibility of their cloud provider to recover data and applications in the event of an attack or loss.
But are these beliefs about the safety of cloud data correct? Can businesses rely solely on their cloud service provider for data protection?
Leading providers like AWS, Microsoft Azure and Google Cloud Platform typically secure core infrastructure and services as part of their responsibility. But, when it comes to securing data, that responsibility lies squarely in the hands of customers. Businesses that overlook this simple fact face a much higher likelihood of suffering a serious data loss.
And yet, the general perception remains that if something happens to your data, it’s not your responsibility. Too many organisations have convinced themselves that their cloud provider will take care of solving any issues for them and magically recover all their data if it’s lost.
Unfortunately, that is not the case. Take, for instance, data generated in a cloud app like Microsoft’s Office 365. Yes, Microsoft guarantees the service, but it doesn’t guarantee the security of the data you generate when using the service.
Office 365 does have some basic data protection schemes in place, such as a 30-day recycle bin that allows users to recover and restore deleted data within a 30-day window. That’s important because users will sometimes accidentally delete or purge their data and then realize they need it for legal reasons. After that 30-day limit, however, the data is gone for good. Microsoft, for its part, makes this clear in its terms of service: users own their data and are responsible for what happens to it.
This misconception around data responsibility is somewhat understandable. In particular, the StorageCraft study found that small and midsize companies are much more likely to believe that their cloud provider will bail them out in the event of a data loss. For instance, 52 percent of midsize companies globally believe that their cloud provider is responsible for data recovery, compared to just 43 percent of enterprise companies who believe the same.
Many of these smaller businesses trust that sophisticated, near trillion-dollar cloud providers like Google, Microsoft, and Amazon have ironclad capabilities when it comes to data protection. They think they don’t have to worry, and they’re in good hands. While that’s generally true, they don’t realize that data loss and recovery are separate issues and their own responsibility.
There is also a strong belief among businesses with a cloud-first strategy that their data is safer in a public cloud than it is in an on-premises facility. The study found that 76 percent of companies with an overt cloud strategy feel their data is safer in the cloud, compared to just 37 percent of companies that prefer to store their data on-premises.
But no business, wherever it’s located, should have a false sense of security. The truth is that, whether it’s an issue of data corruption, a security breach or even accidental data deletion, the onus is on you to recover that data, not your cloud provider.
So, then the question all companies need to ask is this: when something bad happens, how are you going to get your data back? Then ask yourself what level of risk you can tolerate and what kind of data you are putting in the cloud. Is it data that’s mission-critical and can you afford to lose it? Will your business run exactly the same without that data you just lost and if not: how bad will the impact be?
Once organisations realise that they can’t rely on their cloud provider, they start to understand what kind of data-recovery capabilities they do have and also what they might need to add to stay protected.
The good news is that there are easy-to-use, cost-effective solutions that enable organisations to simply, yet powerfully, manage their data-storage and backup requirements, whether on-premises or in the cloud. Instead of mistrusting their cloud provider, organisations can simply set up a truly effective data-recovery strategy. Adding that extra, yet highly necessary layer of protection to your cloud data could be the difference between a business that successfully responds to adversity and one that succumbs to disaster within days while realising that it relied on cloudy promises.
Article supplied and written by Leo Lynch (pictured), director of StorageCraft ANZ.