Using cloud-based services (also known as Software-as-a-Service / SaaS) has become the norm. It’s fast, convenient, and creates greater opportunities for businesses to run more flexibly. For all its benefits, however, there’s a common belief that this means your cloud service provider actively protects your data. It’s easy to get lulled into the notion that the SaaS provider is simply taking care of everything for you. This simply isn’t way cloud services work. This dangerous belief will set you up to lose your data when the SaaS provider has a critical failure. The current statistics from all major cyber security companies and government agencies point to the same reality. It is not a matter of if you will experience data loss, but when you will experience data loss.
The simple truth is this: The job of protecting your data belongs to you entirely.
No Real Backup Provided
Cloud service companies provide you with the infrastructure for a service. They provide the hardware, software, and connections to perform a job. To ensure that infrastructure is available to you, the service provider sets up redundant servers across a wide geographic area. Your data being replicated to these machines is merely a fortunate consequence of the provider’s redundancy to meet their obligations of providing a service to you. That redundancy of data, however, is not a backup.
A change made at one location will replicate to all locations. As a result, ransomware will encrypt all copies of your data, holding it hostage until you pay up. Emptying the recycle bin will purge all copies everywhere. Changing a file will change it everywhere.
In addition, hardware failures and cyber attacks may block access to the service for an unacceptable period of time.
You need something else to protect your data from accidental or malicious loss.
The good news is, there are services available to help protect your data. When considering a SaaS backup solution, keep the following points in mind:
Depending on your field, federal, state, and industry regulations may require you to do more than simply have a backup of your data. Many industries require businesses to actively protect their data. They may require you prove the data did not change, proper access to the information is maintained, and metadata is not modified, among other requirements. (Metadata is data about data–date/time stamps, access audits, etc.)
All insurance companies today require their customers to take reasonable means to protect their data. If you’re a victim of data loss or interruption, whether malicious or accidental, and you can’t prove you’ve taken reasonable care of the data, your insurance may not cover your losses. In fact, many insurance companies explicitly require all data be backed up to qualify for coverage.
Size Doesn’t Guarantee Data Protection
Do not expect a larger Software-as-a-Service provider to create backups for you. Size doesn’t matter here. For example, Microsoft and Google are two of the largest cloud services providers in the world. It’s likely you use one or both. Neither company makes any specific guarantees that your data will be available to you when you want it.
Microsoft clearly states it is your responsibility to protect your data (Microsoft Services Agreement Section 6b). Google does not address the issue at all. The fact that they don’t say the will protect your data, is your cue that you need to do this on your own. There are services you can use to protect your Microsoft and Google data.
If you use Microsoft 365 you can protect your emails, OneDrive, SharePoint, Teams, Groups, calendars, contacts, and tasks. If you use Google Workspace, you can protect your email, My Drive, Shared Drive, contacts, calendars, and tasks.
What about other SaaS providers? The list of SaaS companies is long and the type of data they hold for you will vary. In general, however, a reputable SaaS provider ought to provide some means for you to protect your data away from the SaaS company, and be able to access that data without having to rely on the SaaS provider.
The bad guys are always looking for ways to get at your data and hold it ransom. Moving email and files to the cloud not only makes it more convenient for you, but it also gives hackers additional opportunities to get to your data and encrypt it. Having an off-site backup of your emails, files, contacts, etc. gives you the peace of mind knowing that even if the hackers get to your primary data store, you still have access to your data.
While most cloud service providers won’t make any guarantees to protect your data, there is something you can do.
What Makes a Good Cloud Services Backup System?
Using a robust cloud services backup, you can protect your data. A strong backup solution should have the following abilities:
1. The backups should be automatic, so there’s nothing extra for you to do;
2. You can restore individual emails, an entire mailbox, or the entire email environment;
3. Your data should be downloadable should you not have access to the service provider for any reason;
4. If you require it, the backup system should meet federal regulations;
5. It encrypts the backups while at rest and in transit.
It’s Your Data. Protect it.
The “cloud” is not some magical place where your data is safer than when it was on a server in your office. There are still risks to your data. Employees might intentionally or accidentally modify or delete it. Hackers may encrypt it and hold it ransom. Hardware failures might prevent access to, or even completely delete, the information. It’s important you recognize the risks to your data and implement a solution to protect it.
If you’re interested in protecting your cloud data, or would like to know more, give us a call. Lathrop I.T. Consulting has the tools necessary to protect your data from threats known and unknown.