Moving data to the cloud raises many questions over security, data jurisdiction and access. An important and often overlooked factor is the ever important question of data backups. Many of us assume that the cloud provider is responsible for data backups, since the provider has global coverage. The reality is the responsibility is yours. The infrastructure for hosting your data is the provider’s responsibility, but most of the security responsibility falls on to you, as the owner of the data.
Data security is my responsibility? What does this mean?
It means that you need to consider how much data you have in the cloud, where it all resides and then consider how you will back it up. There are good reasons to do so:
Accidental deletion – a backup gives you somewhere to restore from.
Malicious data destruction or encryption – again you can restore a clean copy of the data.
Data retention – often data needs to exist for years after its use has stopped, due to compliance issues. The best place for that data is in a backup.
The backup can be done to another cloud provider or to an onsite storage location. The backup should be done securely and the files need to be encrypted while they reside in the backup location.
What data should I retain?
Backing up all data may seem like a simple solution, but is often not necessary. It can also be expensive. To figure out exactly which data requires backup, review your important data and consider whether associated legal obligations dictate a need for backup.
Consider your backup strategy
Your backup strategy needs consideration. Do you require a full weekly backup, with incremental changes backed up each day; or is another strategy better, based on your use and creation of data. You should also implement regular restore testing for backups, to ensure the data is there and intact. This also trains staff to ensure smooth process when more stressful circumstances arise.
Check out our case study video. In this video, an employee leaves the organisation – a few months later, the team discovers that important data is missing and their first port of call is you, their IT administrator.