Data Protection In The Public Cloud: Disaster Recovery Isn’t As Automatic As You Might Think… [Article]

Even after data has been migrated and sent soaring to the public cloud, organisations need to remember to take stock every once in a while.

Lifting, shifting and placing unwavering trust in the protection of critical information may be the desired goal of many businesses looking to capitalise on the wealth of public cloud benefits. But amid this strategic move, disaster recovery and business continuity are – often mistakenly – being caught up in the ‘out of sight and out of mind’ thought process.

There has been a recent, perhaps surprising, trend of businesses assuming that their data is bulletproof once it has left their premises. As such, the misconception is that the cloud provider is now accountable and in charge of safeguarding company information.

This, of course, is a utopian view of what the public cloud should be, but – as evidenced by high profile outages and subsequent breaches in recent years – disasters can befall even the biggest of heavyweights.

The simple truth is that the majority of cloud providers don’t have any disaster recovery or business continuity experience – in fact, they’ve intentionally positioned themselves away from that responsibility. Rather, they sell themselves as platform and micro-service providers, only.

This default positioning usually means a lack of management or services available to address disaster recovery. The responsibility consequently passes to the organisation to design and build a fit-for-purpose solution. It’s a status quo that few organisations have either noticed, realised or reacted to. And it’s time to change that narrative if they’re to keep their digital property safe.

Don’t put the benefits of public cloud in danger

What this change of narrative will hopefully represent is a dual-focus of protection. Protection of vital information is, of course. paramount. However, the protection of the public cloud services that organisations invest in also warrants attention.

Positive impacts from a CAPEX, environmental, availability, performance and – even – security perspective, are well documented, as well they should be. The public cloud is often the right solution at the right time for organisations navigating big data, globalised supply chains, eco pressures and customer efficiency demands.

To risk those benefits and your own data, through this lack of clear business continuity is to plan to fail. It is this singular characteristic of public cloud provision that’s the issue, not the public cloud itself.

The disasters…

To affirm where the dangers lie, organisations must realise that the cloud is still a physical storage location. As aptly described in an IT Governance article last year: “If it’s accessible to you, then it’s accessible to criminal hackers.”

The question then becomes: ‘what is being done to protect against these prospective hackers?’. And this is where the misconception arises. For many, they believe the answer is the cloud service provider. But a recent Gartner study found that 95% of cloud breaches arise as a result of this fallacy.

Coupled with this are cloud outages. In March this year, an Azure outage trickled down into its leading, renowned services including Office, Teams, Xbox Live and many other strands of the platform. This was followed less than a month later when Azure DNS experienced availability, accessibility and management issues across its customer base.

AWS and Google certainly haven’t been immune either, with the former’s customers also experiencing outages last year, which impacted the likes of YouTube and Snapchat. Indeed, it can be foolhardy to put 100% faith in these elite providers to never be breached or experience outages.

The recovery…

For many who have presumed that disaster recovery comes part and parcel with a public cloud provider, they may not have explored alternative options. But when disruptions – or disasters – can affect your own customers, your reputation and – ultimately – your bottom line, those alternatives need to be ingrained into your initial cloud migration strategy.

A clear, established disaster recovery plan means optimised operational resilience and the ability to remain robust in the face of circumstances that you can’t always control. With this in mind, organisations should look to work with trusted advisors and specialists who can guide them in their business continuity efforts and to ensure that their data is protected in the public cloud.

Customers have to make very deliberate choices, moving forward, about how to not only consume public cloud services for maximum effectiveness but to protect them adequately. The need to backup, restore, and secure your data in the cloud is an absolute certainty. It’s time to realise that while you can outsource your data management, you can’t outsource the risk. That risk will always be there, of course, but it’s the measures you put in place to mitigate them that are crucial.

This article was originally posted on BCI.org, August 2021.