By Lawrence Garvin, Head Geek, SolarWinds
As cloud computing becomes more and more a part of our professional and personal lives, a new question has begun to pop up – is it all safe up there? Partly due to its novelty, the cloud has developed a mysterious veneer about it, causing us to question what the cloud customer should be doing to make certain that end users are not affected and whether it really is possible to insure ourselves against cloud outages. There is already an abundance of information at our disposal regarding how we can back up our local machines to the cloud, but there really is very little on how a business can ensure its data stored in the cloud is safe.
The answer to protecting a business’s data stored in the cloud is surprisingly simple: Backups, backups, backups. You should never put all your eggs in one basket. Backups are the important component of any possible ‘Plan B’ for when disaster does in fact strike. The cloud comes with the attractive promise of the access to your data anytime, anywhere, but apart from backing up that data to another cloud-based storage provider, the best way to protect your data for a rainy day is to back it up to a local resource.
What is more relevant today is the concern of these so-called ‘cloud outages’ or ‘cloud attacks’. The loss of access to data has the potential to significantly impact daily business operations even though the data is still out there - somewhere. The potential impact of a business losing access to its online CRM or ERP systems for a period of time is unthinkable. Earlier this month, Code Spaces suffered a DDoS attack from an unknown party who managed to acquire access to their Amazon EC2 control panel. The attackers demanded a large sum of money to cease what had already proven to be a devastating crusade against the tech giant. After some time however, Code Spaces managed to regain their panel after removing all EBS snapshots, S3 buckets and all AMI.
Looking forward, there is a very well-proven method in backing up data known as the ‘3-2-1 principle’ – 3 Copies, 2 Physical Locations, 1 Offsite. If you chose to back up your data to another cloud provider while keeping an on-site copy, and the live data itself you can fulfil that principle, however rest assured that all cloud providers have taken the time to consider many possible disaster scenarios.
Another effective practice is ensuring your data is encrypted and even more importantly, knowing when it was encrypted. If the cloud provider is responsible for the encryption of your data, then they will also be able to decrypt it. However if your data is encrypted before it is transferred up to the cloud then only your business’s IT department will be the ones able to decrypt it - a relatively simple practice that can only add security to your cloud-stored information.
The cloud is both a very effective and useful piece of the modern business, but its purpose is meant to be more of a tool rather than a crutch. That said, with the right back-up strategies and precautions in place, its benefits are limitless.