Security Practices for Backing Up Data in the Cloud

This post first appeared on the Colbalt Iron blog.

By Greg Tevis

Many organizations deploy workloads in the cloud or back up data to the cloud — often without giving much thought to security risks like:

• how data in the cloud is secured, if it is at all
• if that data will be available when needed for recovery
• how to recover the data when needed

Cloud security is too important to leave to chance, especially when data environments are getting ever more complex, and threats are coming from every direction.

So, what are some of the common pitfalls of securing data using cloud resources? And how can organizations get the right plans in place to avoid them? While cloud usage is skyrocketing keep these issues in mind:

Cloud Storage and Backup Come with Hidden Operational Risks

• You can’t assume that cloud providers are protecting your data. That is your responsibility.
• Cloud providers ultimately have access to your cloud data. How does your organization ensure you have data privacy in the cloud?
• Who owns your data when it’s in the cloud? You’d better read your cloud contracts very carefully.
• Cloud service disruptions can potentially be as harmful as data loss. Widespread cloud outages are common and unpredictable, even among the largest providers. For example, Amazon Web Services (AWS) faced multiple outages in December 2021, wreaking havoc.
• There have been several backup and storage vendors that shut down their cloud services and forced customers to try to salvage their data out of the cloud before it was made unavailable. In more than one instance, the vendor went out of business before the customer could retrieve all of its data.

Organizations Can End Up Paying More Than They Expected for Cloud Resources

• Companies are realizing that using the cloud is anything but free, or even cheap. Choosing the wrong cloud platform or using the cloud in the wrong way often leads to huge cloud expenses. And what happens to user data if the company doesn’t pay its cloud fees?
• Bad user behavior is rampant with cloud. Thanks to lack of accountability in cloud usage, users commonly run up huge cloud bills that your organization will have to pay.

There are Unique Ransomware Attack Points with Cloud Workloads

• Cloud assets, including data stored in the cloud, are accessible with stolen credentials.
• Hackers are focusing attention on cloud disruption. They know there are many exposures and that there is a vast amount of data to target.
• Many organizations have IT infrastructure where cloud workloads are directly accessible from the on-premises networks. That means an attack on-premises can still reach their cloud data.
• Cloud application and provider security exposures are completely out of the control of cloud end customers.

A Common Mistake in Securing Cloud Workloads

Cloud providers will typically replicate data, which leads many customers to believe their data is safe. But cloud providers almost never back up cloud-hosted applications. Numerous scenarios, such as data corruption from a malware infection, demonstrate that replication is insufficient as a total data resiliency solution.

Strategies for Increasing the Security of Cloud/Hybrid Cloud Backup

Be sure to secure all components of your infrastructure, whether on-premises or in the cloud. These components include the data itself, physical or virtual servers, networks, storage devices, operating systems, applications, and middleware.

Traditionally, these components resided on-premises under the control and ownership of the business. However, the flexibility of cloud computing has caused a blurring and outright confusion over who owns and has responsibility for securing these various components of the modern IT infrastructure. Misconceptions about who is securing which components could mean that a ransomware attack on-premises can quickly spread to data in the cloud, as the cloud is typically accessible through the same network. Such misconceptions can be devastating to compromised businesses.

With accessibility as a key cloud feature, cloud computing can introduce the loss of security zones as protection. Therefore, you must establish and protect security zones as part of responsible cloud computing.

Maintaining local backup copies and service level capability should also be considerations for critical business data and infrastructure.

Make sure your backup software provides the same set of tools and same level of security for data in the cloud as it does for on-premises data. Most do not. Often, backup products have separate add-on cloud tools or products that have different security requirements or capabilities.

Deploying a Powerful Solution to the Cloud Backup Security Issues

Cobalt Iron Compass automatically creates and manages multiple, secured copies of data across a hybrid cloud deployment. In addition, the Compass architecture is unique among backup SaaS offerings in its ability to lock down cloud data within the protection dome of your on-premises security zones. Compass’ cloud security capabilities also include the ability to automatically optimize multiple cloud and on-premises resources in response to changing conditions. The result is more secure cloud data. This level of sophistication in data protection and security is desperately needed in today’s enterprise IT industry, which is large, complex, and under constantly evolving cyber threats.

To learn more about the Compass architecture and how Compass secures your data in the cloud, read this report from analyst firm ESG on the security features in Compass >>