Four steps to protect your data against disaster in the cloud

25 August 2021

Florian Malecki, international product marketing senior director, StorageCraft

Florian Malecki, Senior international marketing director of Arcserve

The recent fire at OVHcloud’s data centre in France has placed huge emphasis on businesses to evaluate the best ways to keep their data safe, Florian Malecki, senior international marketing director of Arcserve, provides guidance on ways to keep data safe for when the worst happens.

Is data truly safe when an organisation moves to the cloud? The recent fire at the OVHcloud’s data centre in France proves that it is not. The fire impacted millions of websites—including government agencies, e-commerce companies, and banks and resulted in a lot of data loss. Some of that data was backed up and saved, but some is now lost forever.

And yet, many businesses still think that if their data is in the cloud, it’s backed up and protected by their cloud provider. Indeed, a recent survey by Arcserve found that 44% of respondents believe protection and recovery of data stored in public clouds is the cloud provider’s responsibility. It’s not.

So why the misconception? For starters, many cloud customers think that because cloud services are now so prevalent and easy to use, they’re also safe and disaster-free. Well, rideshare services are also prevalent and easy to use, but riding with one doesn’t protect you against a car crash. Yes, you don’t have to worry about maintaining the vehicle. But once you’re in the car, it’s still your responsibility to act responsibly and make sure you’re wearing a seatbelt. That’s the part many cloud customers forget.

Here are four ways to keep data safe, even when disaster strikes your cloud provider.

1. Don’t rely solely on your cloud provider to protect your data
When moving to the cloud, companies need to realise that cloud security is a shared responsibility between them and their cloud provider and that the sharing is not entirely equal. It is you, the customer, who is primarily responsible for protecting your data in the cloud, not the service provider.

Leading providers like AWS, Microsoft Azure, and Google Cloud Platform typically secure the core infrastructure and services as part of their responsibility. But when it comes to securing operating systems, platforms, and data, that responsibility lies squarely in the hands of customers. Organisations that overlook this simple fact face a much higher likelihood of suffering data loss.

If a business signs up for a service like Office 365, for example, Microsoft clearly states in its terms and conditions that it does not take responsibility for your data. It’s their responsibility to manage and protect their data. Typically, Microsoft will back up data for 30 days. After that, it cedes responsibility. This is why it recommends that businesses use third-party software to protect data in the long term.

Business owners need to be aware of their responsibility and ensure that they have protection solutions in place. They regularly test how they can recover from data loss if it happens.

2. Follow the 3-2-1-1 data-protection strategy
The 3-2-1-1 strategy directs that you have 3 backup copies of your data on 2 different media, such as disk and tape, with 1 of those copies located offsite for disaster recovery. The final 1 in this equation is immutable object storage.

Companies should look for a cloud storage solution that safeguards information continuously by taking snapshots every 90 seconds. This means that even if disaster strikes, data can be quickly recovered. With immutable cloud storage, there will always be a series of recovery points, ensuring that your data remains protected.

3. Ask the right questions
There is a list of essential questions you should be asking your cloud provider. You should ask it what procedures it follows for its own business continuity and disaster recovery. You should also understand its service-level standards. Is its service designed to stay up 99% of the time or 99.999%? The difference between just one or two 9’s can be the difference between three full days of downtime per year for businesses versus 27 minutes of downtime per year. And that difference can have a significant impact on an organisation’s bottom line.

Businesses should also find out if their cloud provider offers the additional data backup that lets them back up data to various geographic locations. And if so, is that service built-in, or do they need to subscribe to a third-party data-protection partner to ensure that they have the proper data backup and disaster recovery plan in place?

Finally, ask how easy or difficult it is to move to a different cloud provider. Moving from one provider to another is often easier said than done.

4. Have a recovery plan in place
Having the proper backup and recovery plan enables you to protect your data if and when disaster strikes. A recovery plan should include a simulation of business disruption to assess a disaster recovery plan. It should also include the regular testing of backup images so that issues can be resolved before they occur. In the OVHcloud fire case, customers who had a recovery plan in place were more likely to escape maximum damage and permanent data loss.

When it comes to data protection, businesses should hope for the best and prepare for the worst. Having a solid plan in place will ensure that they always land on their feet, no matter how far they may fall.