Since the inception of computers beginning as early as the 19th century, there has been a need to “backup” data in case of possible disasters both natural and man-made or hardware and software malfunctions. As computers have evolved over the years, backup technologies, philosophies and processes have changed in parallel. Today’s computing environments, backup is only one part of a comprehensive data protection plan for critical organizational, customer and partner data. Even with hardware more reliable than ever before, there is still a critical need for a thoughtful, multi-faceted data protection plan.
The IT decision maker of 2018 is faced with several challenges and many opportunities. There are more technologies and services available than ever before to organizations; an extensive “Sears Catalog” of affordable SaaS services to achieve more. Organizations are going to continue to move more data to the cloud for the cost savings on renting infrastructure opposed to buying it and building it from the ground up. This also grants employees access to data everywhere on any device with an internet connection. This increased complexity means some data resides in the cloud while most still remains on premises. Therefore, a sensible and well thought out data protection plan serves as the guardrails to ensure success.
Yesterday’s back office and the rise of the cloud
With the rise of cloud and software-as-a-service (SaaS) displacing on-premises enterprise applications, several might think “backing up the data” is not a requirement because that is the responsibility of the cloud or SaaS provider. This mentality is a mistake, as protecting cloud hosted data should be a critical piece when implanting and reviewing data protection services.
It is true the various SaaS providers such as Salesforce, Office 365, Workday and the three thousand others most certainly back up the data. Cloud providers also have some security advantages to point to as well. For example, there are many more contingency plans than a typical IT department with more diligence on software updates and the latest technologies for malware detection, signature based or other. It’s worth noting they most likely have more physical security for their data centers as well. However, the type of backup at this level does not protect against your organizations from human error or malicious attack.
With all of these advantages, you cannot lose sight or forget about that data. Bringing organizational data to the cloud does not mean you leave access governance and security in the hands of the cloud providers you use. In many cases, access and security controls as well as usage tracking capabilities are limiting.
Protecting data in the cloud is partly your responsibility
AI-powered dark web malicious bots can assume user behavior patterns and ruin data stored in SaaS services. Granted these black hat bots can also do harm to on-premises systems, and this is why the IT department down the hall has a rescue backup and recovery.
But what about the valuable data stored in the SaaS CRM system?
SaaS data needs to be backed up separately from the primary source, by a trusted third-party in order protect against new emerging threats that corrupt, hold ransom, or destroy critical information.
In fact, if you look back over the last year’s data breach events, there are several examples to point to involving data being protected by cloud providers. For example, the Republican National Committee leak exposed voter data of nearly 200 million United States citizens housed in the Amazon Web Services (AWS) cloud provider. This wasn’t even the fault of AWS itself.
This is why the organizations need to “re-think” backup and up-level to a more comprehensive data protection theme.
Consider your entire data footprint
In achieving an overall data protection plan means considering the overall data footprint, where the data resides, regardless of physical location. This means thinking beyond on-premises backup systems. SaaS data is often overlooked, perhaps believing the data is already protected, but it really isn’t. SaaS vendors strive for reliability, but are also susceptible to software defects, infrastructure failures, or human error.
As a start, replace “backup” with “data protection” in your IT lexicon. By doing this, you will recognize the need for a more thoughtful and comprehensive plan to protect data. This means:
- A security review of data stored in the cloud.
- A review a contingency plan for outages.
- Enforcing policies for compliance and data access
- Reviewing SLAs from SaaS/cloud vendors
The bottom line is regardless of where your data resides, you must apply all of the same data access and security controls as if it were in your own on premises infrastructure. A good plan is to evaluate security and data protection technologies that span both on premises and cloud data that provide a central platform to manage all your organizational data. Taking a unified approach will combine key capabilities and functionality that are essential for effective data protection.
Companies will continue to move more data to the cloud for the performance, reliability and elasticity. If you are smart, evaluate your overall data footprint and transform from your mentality and approach from your traditional back office IT to a streamlined and easily managed data protection technology stack for both cloud and on-premises data.