29 June 2021
It’s no surprise that cloud technologies have taken off in recent years, and especially since the pandemic. The mandated changes to our lives have seen digital transformation efforts accelerated, and a re-examination of the ways that businesses operate, and store and manage data.
Multi-cloud environments have proven especially popular for IT departments seeking further flexibility and choice in their IT footprints – especially where business needs might differ from department to department. But while the flexibility can be invaluable, without properly securing cloud environments, vulnerabilities can remain hidden until it’s too late.
Prepare for the worst
Businesses can make real gains just by getting the basics in place. Standardised encryption practices, multi-factor authentication, and well-oiled internal recovery processes are just three initiatives every business should consider. An outage or data threat like ransomware might never happen, but if teams know immediately how to respond, their impact can be mitigated.
The ability to ‘keep the lights on’ and data available makes everything else a modern business does possible, and it should remain front of mind during the assessment and selection of any kind of cloud technology. The convenience of such services should not come at the risk of significant disruption if an incident happens. Outages are a matter of if, not when, and for those businesses turning to public cloud providers to host data and services, such partners often make no guarantees that their data is recoverable should an incident occur.
As many as 8% of sysadmins globally say their organisations do not back up data from public cloud-hosted services like Office 365, according to the Veeam Data Protection Report 2021. This total reliance on the public cloud – with no further measures put in place to provide a fall-back - represents a huge point of failure that businesses may come to regret should an incident occur.
One strategy to follow is the 3-2-1-1-0 rule, where each number represents an element of a backup policy. This means maintaining three copies of data (with more a possibility), housed on two different types of media. One is stored offsite, away from where the primary data and backups are located. This minimises the impact of natural disasters or other emergencies that might affect several buildings or a wider area. Making one copy immutable or air-gapped is also advisable, limiting the potential for threat actors to tamper with backup data. In an era where ransomware has become a lot more vicious and disruptive, IT leaders can’t afford to ignore this.
The final number in the rule, the ‘0’, is about how by ensuring the recoverability of data, there should be zero surprises. Having backups available is only half of it – they need to be reliable should the situation call for it.
The pandemic saw gains made in IT and data that would have taken years to reach, because there was an urgency to continue business operations. Successfully re-emerging from the economic effects of the pandemic will require building on the gains made, and make sure that their foundations are solid. A sound cloud strategy is central to doing so.