Having a copy of your data offsite is becoming primordial in a world where ransomware hits are becoming very common. What are the problems with backing up to the cloud? Is your data safe in the cloud? What if your cloud provider is hacked? This article will discuss the pros and the cons of backing up to the cloud.
Protection through Backup
A backup is a consistent copy of your data that does not depend on the original data and can be used to restore critical information when an incident occurs. That incident may be caused by internal factors – data corruption, misconfiguration, deletion – or external factors – ransomware attack, virus attack, catastrophic event.
Your ability or inability to recover swiftly from those backup copies can make or break your organization. Companies would purchase a backup solution and perform a near-continuous backup to these live systems. The problem is nowadays, hackers also make it a point to make your backup unusable when conducting an attack. What is the solution then?
You may have heard it in the past: usually, the only way to survive a ransomware attack is to have an air-gapped backup solution that you can recover from when all or most of your data get encrypted. This means you are left with only two options:
- Backup to Tape (The tapes are not connected so they cannot be infected)
- Backup to Cloud (They use proprietary technology to transfer the data and may be able to prevent the attack from extending to their Datacenter)
Tape backup is a great way to achieve your backup and retention requirements.
Cons: They come with an extra management overhead though, you need to label the tapes, move them around, manage them, recycle them and provide them with physical and environmental protection. Using tape is far from a setup-and-forget-solution. You need a dedicated backup administrator to ensure you have consistency and guaranteed recoverability. This overhead is still a light price to pay when you consider the advantages.
Pros: Tapes have a relatively low price when you look at the $/TB values and they are easy to transport and give you the ability to easily keep a copy of your data on every continent if that is your requirement. Create your backup and mail the tape drive to the destination you want to keep it.
Cloud backup has emerged not too long ago and seems to be an easy way to go. Chose your cloud provider and send your backup files to them. Set-up and forget. Very easy route. But is it?
Pros: With cloud backups, you will be able to restore directly back to your environment or other cloud locations such as Azure or AWS; this may even further reduce your Mean Time to Recover. The setup is usually easy and with all the SAAS/IAAS vendors out there you will get a lot of visibility into what you backup and can leverage that to your advantage.Cons: Imagine you took a backup of all your systems and in the event, something happens you need a few critical servers to resume your operations. These servers are probably Domain Controllers, File Servers, Primary Application with Back-End, Front-End, and Database. Let take a guess and assume that to restore all those servers you need to download 2 Terabyte. With a 100Mbps connection on Fiber, it would take 2 days, and that is provided the internet connection is dedicated and uncapped otherwise you would have to reach out to your ISP and negotiate hard.
Cloud is great when you look at the initial setup but when you need to truly recover the entire data that is backed up it may become a problem. Another thing you need to keep in mind is data sovereignty. Depending on the industry some organizations are not allowed to place their data in certain places in the world. You may have to do a lot of research to guarantee your files are not breaking these laws to avoid any penalty.
Is your data safe in the cloud? Well, it depends on how you set it up and the technologies you are backing up with. You should not just copy your files using a protocol like CIFS or NFS as the data will be left unprotected. You need a technology that provides data in-flight and at-rest encryption whilst maintaining the benefits and cost-saving of in-line deduplication and compression. Many cloud providers use API-based proprietary technologies to ensure your data is protected while transiting to them and also while at rest in their environment. They also ensure their systems are multitenant and a breach to a customer will not necessarily affect you.
But what if your cloud provider gets hacked? Well never put all your eggs in one basket. Follow the 3-2-1 rule by keeping 3 copies of your data on 2 different types of media with 1 copy offsite to survive all kinds of scenarios.
I have been in the industry for a while and I saw many things happen to my clients when the business continuity strategy is not appropriately developed. Look at the pros and cons and chose the best of both worlds. Depending on your purchasing power, I suggest:
- Choose a cloud provider that has a data center located within a 4-hour drive from your primary datacenter. That way, should you have to perform a complete restore of your infrastructure, you can physically go to the data center and perform a wire-speed restore
- Always have some Tape copies of your data off-hand and always encrypt your tape backup to avoid it falling into the wrong hands.
- Use software that provides recoverability tests such as Veeam SureBackup to test your backup consistency from time to time.
- Regularly review your business strategy as technology is moving at a faster rate today and you need to stay up to speed.
Complete protection is unattainable but you can do your best to be in a position where recoverability is always possible. Always remember the 3-2-1 rule and use as many backup solutions as it is financially viable for your organization. You will see the value of that investment when a hacker demands 1000 Bitcoins or more to release your data.
Apotica deploys a large portfolio of Next-Generation technologies and is uniquely positioned to advise on the next steps to help build your backup strategy. You can request a free consultation here. To enquire about any equipment or software, call us on +233.54.431.5710 or write to firstname.lastname@example.org.
Apotica, headquartered in Accra, Ghana and brings together the best information and communications technologies to help clients grow, compete and serve their customers better. Apotica is an ISO 27001 and 9001 Certified Organization.