Cloud Backup, is it ready?

by [Published on 6 March 2013 / Last Updated on 6 March 2013]

In this article the author discusses why organizations move to the cloud and what security measures are required for safe cloud computing.

Introduction

In previous articles we’ve looked at how people are using the cloud to store corporate data and what should be done to securely store data in the cloud. In this article we will cover the reasons why people move and what the current status quo is. We also look at compelling reasons to move and what security steps we should always consider for safe cloud computing.

Areas to consider before choosing a cloud storage model for your organisation

  • Space

Most importantly when it comes to storage, space is crucial. The organisation needs to consider not only the space required at present but consider increased space that may be necessary in the future. The space provided should always be isolated from other data so that your data is separate and not mixed up with data that does not belong to you.

  • Cost

The cost is usually an agreed monthly sum that is easily budgeted for. However it is advantageous to look at services you may require in the future and consider any increase in cost and if this would be an affordable option for the organisation in the near future. Rather than selecting the cheapest solution consider security and pay a little more for the lock on the door…

  • Data Transfer

In the event the organisation decides to change cloud providers, what is the criteria surrounding moving your stored data in a secure manner. It’s important to cover this in your contract with the cloud provider. There is no point in storing it securely, but when transferring data it’s sent in the clear or not transferred in a secure way. The ability to change from provider to provider is part of your security concern as this has a major impact on availability if the provider were to go under or indicate that it was struggling to continue to be in business. In the current economic conditions this is something that must be considered if corporate data is being stored in the cloud.

  • Storage of data

The type of information you wish to store and the degree of accessibility you as an organisation require. It’s beneficial to group your information so that the information that needs to be accessed more frequently is separate from the information that need not be accessed for easier management. By prioritising the data, the deployment of the initial cloud backup would run more smoothly allowing critical data as well as frequently used data to be backed up first.

  • Security of data

Security of the stored data is very important. The organisation is responsible for the data it stores in the cloud and needs to ensure it is secure and is only being accessed by authorised individuals. Think of the security in three simple steps:

  1. Confidentiality: is my data encrypted and are there strong access controls around the access to the data?
  2. Integrity: how can I be sure that my data is not being accessed by anyone other than authorised individuals and that my data is safe, isolated and backed up?
  3. Availability: is my data always available, can I and other authorised individuals get to the data, whenever required and is the company I chose to store my data going to ensure this is always the case?
  • Size of the hosting organisation

The size of the company is important to consider. It is crucial to envisage where your company may be in the future. With company growth storage requirements increase as well as security requirements. One should not discount features that are not pertinent at present as in the future those same features may be essential to the company. Flexibility within a cloud provider is beneficial.

  • The cloud provider

Have a contract with the cloud provider in place, highlighting all the areas of concern.

Reasons organisations are choosing the cloud for data backup

  • Disaster recovery

Backing up data should be done on a regular basis within organisations. Regular monitoring of these backups and updates to ensure everything is always working to its full potential is essential. This is not always the case, many businesses fall short of testing their backups regularly and when trying to recover data from backup tapes are unable to fully recover data. Even when backups are working to full potential, this is of no use if you find yourself in the unfortunate situation where your onsite servers are destroyed, through fire, theft, natural disaster or even system crashes. All critical information could be lost within minutes. This is one of the reasons driving organisation towards offsite cloud backups. With the backups secure in the cloud, the critical information is easily restored. Disaster recovery is now more cost effective, less time consuming and less damaging to the organisation and its customers.

  • Eliminating Manual backup responsibilities

The tedious and time consuming yet essential task of backing up to tape is eliminated. The hours spent on manual backup can be focussed elsewhere. Cloud backups can be set up to suite the organisation’s needs; they are automatic and backup within minutes of being updated. A managed service could alleviate the tasks of monitoring the data amongst various other services dependant of the cloud service provider of choice. Cloud back up is reliable reducing room for human error. Removing the human component from backups is a main factor for moving to cloud backups. Human error is the most common contributor to data loss.

  • Cost

Cost is a definite contributing factor whether organisations choose to move to the cloud from internally hosted IT. The cost of purchasing essential hardware and software, acquiring the floor space for storage, the electricity and staff all adds up. Cloud storage is more affordable and with increased competition in this market will only become more cost effective over time.

Cloud backup is usually based on an agreed monthly service fee. This is a predictable cost. Due to the service using the providers infrastructure and proficiency and its automated benefits there is no hidden cost for software, hardware, maintenance. The cost of backup is now exceedingly reduced and easily budgeted for. In times when money is more difficult to come by this is a very persuasive reason to move to cloud backup.

  • Reduced risk of interruption or downtime

Cloud backup covers the entire data protection process to secure data effectively and with reduced risk. The steps that are involved for correct backup procedure are addressed:

  1. Ensure the backups are quick, complete and uninterrupted.
  2. The backups are automatic, transferring information immediately to the offsite location
  3. The backups are stored securely with the correct retention policies in place
  4. Rapid recovery of up to date data

With all these aspects covered the risk of downtime is minimal and the potential cost incurred through downtime reduced.

  • Restoring data

Cloud based recovery enables the organisation to restore data within minutes. You can opt for the recovery service whereby only changes in the files and database are transferred allowing faster recovering and reduced risk of corrupting data. Bandwidth usage can also be controlled to manage workload and data flow. Recovery can be done when convenient for the organisation directing the bandwidth to tasks as necessary. There is no point backing up if you can’t recover!

  • Cloud provider services and skills

By using a cloud service provider the organisation benefits from a range of services. The cloud provider is able to manage and maintain the process of protecting the data. By leveraging the cloud providers services and expertise you can gain access to the latest technology and services at predictable pricing. The service allows for scalability and flexibility.

  • Compliance

Organisations are realising the impact of not complying with the data protection act. It is the organisations responsibility to keep their data secure and maintain compliance with the data laws. However backing up data to the cloud offers protection that other forms of backup may not. Cloud backup is automatic thus consistent and secure during all stages- in transit, storage and access. Backing up to the cloud assists the organisation with data compliance however does not remove the responsibility from the organisation.

  • Security of data

A cloud provider has a dedicated team of security IT professionals providing regular updates to the software and operating systems. The level of security resources offered by the cloud provider would be difficult to achieve internally. By opting to use a cloud provider your data is likely to be more secure.

An organisation can opt for a cloud service provider that uses encryption as part of the security regime for data. By encrypting data before transit and keeping stored data encrypted ensures data is secure at all times and only available to authorised users.

It has been established that cloud storage is not only secure, but safer and more reliable than keeping data internally, even with in house backups.

  • Easy to set up and use

Cloud backup services are simple to implement and use. They offer a range of services adaptable to suit the organisations requirements. Easy to manage and monitor backups and recovery from anywhere. They allow more accurate reports and better decision making for scheduling, forecasts, and budgets.

  • Access

All that is needed is an internet connection and the organisation has access around the clock- all hours, all week and all year long.

Security steps to ensure a safe move to the cloud

  • Undertake a risk analysis

Undertake a in depth risk assessment to obtain a good understanding of the organisations level of risk tolerance and put procedures in place to minimise the risks especially in areas where the organisation cannot tolerate failure. Ensure procedures are in place to certify compliance.

  • Evaluate the security offered by the cloud service provider

Be knowledgeable of the different areas of security offered by the cloud service provider ensuring the level of security offered is equal or superior to the level you would obtain in-house. Evaluate the physical security of infrastructure and facilities. Make sure you understand and agree with the security terms laid out by the cloud service provider and understand the responsibilities of the various parties involved.

  • Be knowledgeable of the exit strategy

Make sure that there is an exit strategy in place allowing you to retrieve your data in a secure practice. Make sure the contract has a clear method in place regarding backup retention and deletion.

  • Network connections

Ensure that the network connections are secure at all times. Make sure that the security measures are practiced by your cloud provider.

  • Security policies and procedures

Set up security policies with regards to securing data and privacy of data. Ensure that your organisation as well as the cloud provider is adhering to those policies and procedures at all times.

  • Secure your data

Secure your data as best you can. Encrypting the data before it is backed up in the cloud ensures that only authorised individuals have access to the data. Maintain control over who has access to the data within the organisation.iPower's Top 10 Reasons to Backup to the Cloud

Conclusion

The task of protecting important information within an organisation is vital. The loss of information critical to an organisation would be to the organisations detriment, could even cause closure. With this in mind and the importance to keep company secrets secure organisations are adopting cloud backup solutions to address data protection challenges they are being confronted with. Cloud backup improves the reliability of backups. All of this is achieved through a cost effective means ensuring cloud storage and backup is becoming the new standard for corporations.

The Author — Ricky M. Magalhaes

Ricky M. Magalhaes avatar

Ricky M Magalhaes is an International Information Security architect, working with a myriad of high profile organizations. Ricky has over 16 years of experience in the security arena covering all ten domains including best practice and compliance. Ricky is a strategist on security and innovating creative ways to achieve compliance and mitigate risk, to many blue chip entities and forms part of the advisory boards to many organisations worldwide.

Latest Contributions

Featured Links