Your Data Is Your Responsibility: How to Ensure Data Resiliency in the Cloud

By David Lenz, Vice President, Asia Pacific, Arcserve

Undoubtedly, we will eventually see a massive software-as-a-service (SaaS) outage. With so many organizations now dependent on SaaS to keep their operations moving, data backup and recovery must be front and center for every IT pro today. 

Companies worldwide are increasingly consuming SaaS rather than running their own IT infrastructure on premises. However, many still mistakenly believe that data protection is the responsibility of their cloud providers. They may also assume that the provider will handle all aspects of data protection, including backing up and recovering the data.

If a service like Microsoft 365 suffers a major outage, organizations must know that while service is guaranteed, the organization's data protection is not. That responsibility lies solely with the organization. You don't need to look far for an example. In late January, Microsoft 365 was struck by a worldwide outage caused by a router IP address change that led to packet forwarding issues between all other routers in its wide-area network (WAN).

While cloud providers do take steps to protect their customers' data, it is ultimately the customers' responsibility to ensure that their data is backed up, secure, and recoverable. The cloud provider cannot control all factors that could lead to data loss, such as user error, hardware failure, natural disaster, or malicious attack. That's why it's essential to understand the Shared Responsibility Model.

Data is the lifeblood of the enterprise today; losing it can result in loss of customers, brand reputation, revenue, and, ultimately, the enterprise itself. One Gartner report from way back in 2019 says that assuming SaaS applications don't require backup is dangerous. And about 70 percent of total company software usage was SaaS in 2022, with projections showing that number will grow to as much as 85 percent by 2025. With so many users, every organization will likely experience disruption due to data loss from SaaS applications.

Too many IT decision-makers mistakenly rely on their SaaS vendors for data protection. Organizations need to address this disconnect. Businesses must understand that their data is their responsibility and implement proper security measures to protect that data in the cloud.

With that in mind, here are three strategies for organizations to ensure data security, even if disaster strikes one of their cloud providers.

1. Do Your Due Diligence

Ask your cloud provider several crucial questions to ensure it can provide security and continuity for your business. For starters:
• What measures does the provider have in place for business continuity and disaster recovery?
• What are its service-level standards for uptime?

For example, is the service designed to be operational 99 percent or 99.999 percent of the time? While the difference may sound small, it can significantly impact your business: 99.999 percent equates to minimal downtime, but 99 percent can equate to several days of disruption yearly.

It's also important to ask whether the provider offers data backup services. If so, are they included in the subscription cost or cost extra? Or do you need to secure additional coverage through a third-party partner? Also, how complicated is it to switch to a different cloud provider, if necessary? Considering this possibility is essential, as moving between providers can sometimes be a significant hassle.

2. Have a Backup Plan

The 2021 fire at OVHcloud's data center in France highlighted the potential risks to data in the cloud. The incident affected many websites, including government agencies, ecommerce businesses, and banks, and resulted in permanent data loss for some.

A good disaster recovery plan is essential to protect your data in the event of a disaster, whether natural or caused by humans. Part of the plan should simulate a business disruption to test and assess the organization's ability to recover. It's also important to regularly test your backup images to identify and fix any potential issues before an actual disaster. In a disaster, it is critical to ensure that the backed-up data is available and can be quickly restored.

The OVHcloud fire puts a spotlight on the importance of having a recovery plan. Those customers with a plan in place during the fire were more likely to minimize damage and avoid permanent data loss.

3. Demand Immutability

When evaluating cloud providers, ensuring that the chosen provider offers immutable storage is critical. Immutability is a type of data storage in which, once data is written, it cannot be modified or deleted. Any changes to the data must be made by writing new data rather than by altering or deleting existing data. Immutable storage protects data integrity and ensures that data remains unchanged over time.

In the case of a ransomware attack, for example, attackers may attempt to encrypt or delete data to disrupt a system's operation or demand a ransom for the decryption of the data. The attackers cannot alter or delete the data if the organization uses immutable storage. And the company can use it to recover from the attack even if the attackers successfully encrypt or delete other data.

Similarly, in the case of a system outage, immutable storage can be helpful because it enables organizations to access a copy of their data. It can be essential in cases where the outage occurs due to a hardware or software failure, as it may be difficult or impossible to access the data stored on the affected system.

With immutability, organizations are protected from data loss, data corruption, external threats, or system failures.

The abundance of vital documents, records, and communications now stored in the cloud means that data loss is not an option. Organizations must back up all mission-critical data and ensure it is fully recoverable. However, it is also essential to understand that your cloud provider is not responsible for safeguarding your data.

In the realm of data protection in the cloud, it is wise to hope for the best and prepare for the worst. A solid plan will ensure that you're ready for any eventuality. For expert help ensuring data resiliency for your SaaS applications, talk to an Arcserve technology partner. To see what Arcserve SaaS Backup can do for your organization, check out our no-obligation 30-day free trial.