Data Backup Digest

When cloud storage first hit the scene as a viable option for enterprises, some were hesitant. After years of storing data on physical media, for which the safety protocols had long been established, why should they take the risk and jump into the cloud? Would it even be safe? Cloud providers have since combatted that perception and the cloud is now seen as a viable and secure storage facility.

But the question remains – is the cloud as secure as it could be for backup? Data is vulnerable to attack wherever it is stored, but some storage solutions offer better protection than others. Let’s explore if the cloud is good enough.

Ransomware attacks have been in the news a lot recently. The process involves infiltration into the system, data or machine being encrypted, and the hackers demanding payment for release of the key. This type of attack is exponentially on the rise, but it’s more likely to impact those who are on outdated systems. Unfortunately, hospitals are often victims because they can’t afford to upgrade their systems to ones which offer better security.

When it comes to the cloud, a solution for this would be to limit access to only those who work regularly on the backups. A permanent log could be established and monitored to keep an eye on who is accessing the storage and what data they are downloading. If access is locked down, it’s very hard for ransomware to get in through brute force. You should always monitor your data, cloud or otherwise, but it’s especially important to do so when connected to a network.

Secondly, encryption is vital. Any good enterprise cloud backup provider will offer Advanced Encryption Standard-class encryption. They may even provide Triple Data Encryption Standard protection. You wouldn’t leave the filing cabinet and office door open at the end of the day; you shouldn’t do that with your data either. If you haven’t encrypted your data, make that the number one thing you do immediately.

Once the data is encrypted, it comes back to control. You need to limit and monitor those who have access to the encryption key, since it’s this that can unlock the data. Providing this key doesn’t fall into the wrong hands, neither will your unprotected data.

Finally, consider making the backup read-only. This would mean that data can’t be changed in any way or overwritten or deleted. The only write access provided would be for new files, sent one-way into the cloud. This can be done incrementally and it’s like snapshot backups, giving you the ability to roll back to a specific point for recovery.

Of course, even if you employ these safety measures, the cloud isn’t going to be one hundred percent secure. Nothing ever is. There’s still human error, for example. Someone may accidentally hand out the encryption key or mess up the backup code or any number of other mistakes. As such, even though the cloud often offers replication and geo-dispersion, it’s still wise to keep your own secondary copy of the data.