cloud backup

(Photo by Brendan Smialowski / AFP)

Cloud backup ensures better cyberattack recovery

Cloud backup is becoming increasingly adopted among enterprises today. As ransomware cases rise rapidly in Southeast Asia, organizations need to rely on backup of their data to ensure business continuity. Yet, a big problem for most organizations when turning to their backup is the amount of time it takes for their systems to recover and get back up and running.

Legacy backup systems rely heavily on hardware storage which requires the IT team to access and recover files manually. While some processes and logs can be automated to speed up the time, it’s still a lengthy process that can cause businesses a huge amount of losses.

To ensure faster recovery and also better backup, cloud backup is now becoming highly sought after by organizations. Cloud backup is basically having a copy of your backup available on the cloud for your recovery purposes should there be any incidences.

According to IMARC Group’s latest report, titled Cloud Backup Market Report: Global Industry Trends, Share, Size, Growth, Opportunity and Forecast 2021-2026, the global cloud backup market reached a value of US$3.2 billion in 2020. The cloud backup market is expected to grow by 24.4% by 2026.

Organizations of course should still ensure they practice the age-old 3-2-1 backup rule. Cloud backup provides them with the desired capabilities they need. To understand more about cloud backup and how it differs from legacy backup models, Tech Wire Asia spoke to Dave Russell, Vice President of Enterprise Strategy at Veeam Software.

Is cloud backup is the best option for businesses today?

Dave Russell, Vice President of Enterprise Strategy, Veeam.

The ongoing pandemic has put many organizations in a bind with underperforming business revenue and increasing budget constraints. As a result, many have not been able to update and modernize their backup recovery infrastructures.

Cloud backup models offer these organizations an option to backup on-premises hardware and software with reduced capital expenses. Organizations unwilling to compromise on their data security and recovery measures would find this the best and most affordable option for improving their backup practice.

At Veeam, we believe each organization must have a solid data protection strategy that is unique to each business and feel that the optimal approach does not entail a one-size-fits-all solution. The best approach depends on the organization’s vertical, company size, as well as the type of workload being protected.

For instance, organizations using on-premises applications such as a Microsoft SQL Server can choose to store them at a cloud target instead of writing that data to on-premises storage. On the other hand, organizations with born-in-the-cloud workloads can also choose to protect them in a native environment.

While we do not always prescribe or advocate that cloud backup is the best option, we do recognize that it is a highly attractive option for many businesses today.

So, how does it differ from traditional or legacy backup models?

Legacy backup models are very valid models that capture data at midnight and back them up on on-premises applications. However, we see many organizations these days being increasingly interested in ensuring that they have saved copies of data in geographically dispersed areas for enhanced security.

And they want to back up mission-critical applications more frequently, perhaps using more modern technologies, such as storage array integration or continuous data protection (CDP). This is to avoid data loss during the various types of man-made and natural disasters such as hurricanes and fires.

What makes cloud backup different from traditional legacy backup models is that data can be backed up in multiple locations that could be geographically dispersed. Some organizations may have already implemented the best practice of the 3-2-1 rule, in which they can have 3 or more copies of data, 2 or more of different kinds of media, and 1 data copy being geographically dispersed. Veeam goes one step further to add a new step to that rule for guaranteed data recovery, stating that one of these copies should be immutable. This means that the data cannot be changed, deleted, or encrypted. Additionally, Veeam pioneered a fairly unique capability where we provide automated backup verification to ensure that there are 0 errors in the backup process.

In essence, cloud backup models are much more compatible with the 3-2-1-1-0 rule than legacy backup models.

Is cloud backup vulnerable to cyberattacks as well? 

We have not seen the same level of attack frequency on cloud backup as on-premises, to date. Veeam has found that the most common entry point for cyber risk attacks is from remote desktop deployment or employee phishing attacks. The greatest entry points from a cyber risk perspective and from a cloud backup perspective are not nearly as vulnerable when employees leak data by accident or insider threats, as organizations that back up their data in the cloud are much less vulnerable.

Having said that, insider threats are a genuine concern even with cloud backup. However, it becomes easier to cordon off the cloud backup solutions from the rest of the production data center. This means that organizations can spread the data protection responsibilities by having different administrators with various credentials, such as usernames and passwords. It is also recommended that organizations use multi-factor authentication to provide additional layers of security.

How can businesses protect their cloud backup?

Practicing good digital hygiene is crucial. Digital hygiene refers to ensuring organizations have a proper delineation of responsibilities in terms of proper, strong passwords, as well as having unique passwords for each implementation of the workload that they are protecting.

Organizations deploying cloud through a managed service provider (MSP) have an advantage as MSPs have dealt with such security concerns for decades.

Even before ransomware and cyber threats became a critical issue, service providers had to ensure they could overcome concerns about data leakage, multi-tenancy requirements, or bad actors. Due to this, service providers have been ahead in terms of ensuring that they have the proper safeguards in place.

It is without a doubt that cyberattacks will continue to evolve and increase in sophistication over time. Overall, it comes down to following best practices, ensuring that you have proper safeguards, and verifying the safety of your software and configurations.

Can highly regulated industries opt for cloud backup and cloud storage, given that they deal with valuable data?

Yes, they can, but they may need to ensure that they comply with local regulations. There are specific cloud solutions that are hardened to meet the criteria specified by national governments, which comes with extra protection and credential verifications. An example of tightened solutions includes increased security perimeters, administrator background checks, and equipment in separate cages on separate networks.

Examples of highly regulated industries that use cloud backup include financial services, healthcare, and government sectors. In such cases, it is paramount for organizations to evaluate the provider’s plans to ensure overall security, data retention remains, and how the provider can prevent data leakage. As mentioned in my response, organizations need to conduct multi-verification checks and practice due diligence to understand the capabilities and practices of their partners.