Backup and Recovery in Cloud: Are you Making These Three Mistakes?

This article was written by Sam Gutmann, CEO, OwnBackup.

Backup and Recovery in the Cloud: Are you Making These Three Mistakes?

Cloud computing has rapidly emerged as an industry must-have, and app clouds are growing by the minute. By eliminating the tedious requirements of IT management, while enabling much-needed technology upgrades at scale and below cost, it’s easy to see why so many organizations are adopting cloud-based infrastructure and Software-as-a-Service (SaaS) applications.

Yet, for all the newfound excitement and trust in cloud-based infrastructure, there are still major concerns to consider for the datacenter. Industry reports have noted that 2016 could be the year when cyber attacks and data breaches in the cloud become a harsh reality for many organizations. This impending risk along with the increasing reliance on SaaS and PaaS environments has created a new awareness of datacenter security and compliance challenges.

At the same time, it has become clear that few organizations have the necessary strategies and tools in place to protect their critical data within a SaaS infrastructure; and recent data loss events serve as strong proof. Many companies underestimate the requirements of the modern datacenter and what it takes to effectively manage data and recovery in a cloud environment.

In an age where data is the lifeblood of every business, these organizations are increasingly vulnerable to costly, irreparable damage. If organizations cannot protect (and easily recover) SaaS data from cyber threats, data loss, malicious employees, and even simple user error, they are taking an ill-advised data gamble. By avoiding three common mistakes and leveraging new strategies and tools for application-specific data protection, IT and storage leaders can ensure their organizations have the same level of data protection in their cloud environment as they do in on-premise applications.

Mistake #1: Falling Prey to the ‘Set It and Forget It’ Mentality
Organizations often view one of the top benefits of a cloud environment the ability to rely on an outsourced vendor to manage the entire implementation and maintenance of any given application. Unfortunately, many organizations also incorrectly assume that the SaaS vendor will not only address ongoing IT management headaches, but also anything associated with the application itself. This is where many organizations go wrong! Even in a cloud environment, organizations cannot simply ‘set it and forget it’ – especially when it comes to applications housing important business data.

Seemingly ‘short’ application downtimes for business-critical cloud applications can become a permanent data loss event. Organizations cannot rely on SaaS vendors to protect and recover their data; SaaS are not responsible for the information contained in their applications. On the contrary, organizations are required to be stewards of their data-no matter where it resides. On-premise or in the cloud, organizations always own their data.

There are essentially three tiers of managing data protection and recovery in a cloud environment that organizations must consider. The first happens at the infrastructure layer. These are the components that should be covered in your SaaS vendor agreements, including uptime availability guarantees and overall accessibility for the application itself (just not the data).

The second is the all-important data layer within the SaaS application. It is here where the major risks occur such as mass data corruption by a script that went haywire or by a malicious cyber threat. Given the scope of these threats, organizations need recovery tools that enable them to backup data at the record level and then take it a step further by restoring data at the field level and at scale. For example, if 10,000 records are impacted, but only fields two and four have corrupted data, the datacenter needs the capability to isolate the ‘bad’ data and replicate the fix a few thousand more times without corrupting the existing ‘good’ data.

The third and final layer of data protection in a cloud environment is the one that no business ever wants to think about – the worst case scenario. For example, what if your SaaS provider cannot meet its SLAs and your data is trapped inside the application days or even just a few hours? Organizations still need a way to access their data and make it readily available to key business users to avoid detrimental service disruptions, unhappy customers, and other operational nightmares. Instead of attempting to mitigate the problem after the fact, IT leaders need to determine how they will manage potential SaaS outages before implementing any SaaS application.

Mistake #2: Underestimating Your Role as Compliance Data Steward
No matter where the data is housed, on-premise or via the cloud, the compliance requirements remain the same. Organizations must be able to prove that their information is backed up at least once a day and demonstrate that any missing information can be restored. As far as regulators are concerned, the business – not the SaaS vendor – is solely responsible for owning the data, protecting it, and backing it up. Accepting the role of de facto data steward is especially critical as companies place more and more sensitive data into SaaS and PaaS applications.

For example, financial institutions are increasingly deploying cloud-based applications for customer transactions. Lost bank records due to inadvertent user error or system update glitches could result in the loss of hundreds of millions of dollars in lost loan data that could take years or months to recover, if not lost forever! This level of compliance offense has a catastrophic impact on the business and often generates irreparable damage.

To avoid such a scenario, businesses need to own their responsibility as compliance data stewards and maintain tight control of their data even when it is housed outside the four walls of their organization.

Mistake #3: Hoping Legacy Backup Tools Keep up With Cloud Demands
The challenges associated with managing cloud environments may no longer be new, but expecting legacy backup tools to support new cloud applications is likely to lead to frustration and ineffective data protection measures. Traditional backup methods involve leveraging a disk or snapshot of the server and a subsequent spin up of the entire image if something goes wrong. By their very nature, SaaS applications don’t have direct infrastructure access so everything is backed up at the record level-meaning recovery must also happen at the same level of granularity.

Modernizing a data center and moving everything to the cloud demands a completely new approach to data loss prevention. Relying on SaaS vendors to expertly mange your data and avoid data loss events is a significant oversight that can lead to disastrous consequences.

Don’t make the mistake of relying solely on legacy tools in a cloud era. Instead, consider cloud-to-cloud backup tools that are designed with SaaS requirements in mind. Implementing application-specific backup tools that can quickly get the data and interact with it to rapidly resolve any issues regardless of where the infrastructure lives. In addition, by isolating the corruption and data loss event to restore only the affected data and avoid overriding accurate data changes, organizations can eliminate the arduous and resource-intensive task of restoring data field by field.

Making the Most of Cloud Opportunity
The cloud offers new opportunities for organizations, but the primary risks and challenges of storage, protection and recovery remain the same. Businesses need access to all data all the time, regardless of where that data lives. Organizations need to embrace their new role as cloud data stewards and proactively manage data protection and recovery in all environments. By avoiding common mistakes and leveraging modern backup and recovery strategies that can keep pace with the demands of cloud-to-cloud infrastructure requirements, datacenter professionals can not only future-proof their SaaS applications, but also minimize any negative impact to business operations.