Story image

The top five ways data is lost in the cloud - and how to prevent it

09 Oct 17

The astronomical numbers of consumer cloud-based users worldwide just keep rising. Some 3.6 billion internet users are projected to access cloud computing services during 2018, up from 2.4 billion users in 2013.

A common assumption is that if data is deleted, ‘well, it’s in the cloud, so it must be backed up, right?’ Wrong.

An industry study a few years back showed that the risk of data loss is very real, even if a cloud infrastructure service sends the data offsite. In fact, 32% of companies using SaaS services reported data loss in an Aberdeen report.

How data is lost in the cloud:

  • User error (registered users accidentally delete or overwrite data) accounts for 64%
  • Hackers (outsiders break into the business systems) are responsible for 13%
  • Closing accounts (cloud app accounts are closed without regard for the data left behind) result in 10%
  • Malicious delete (users purposely delete critical data belonging to a company) causes 7%
  • Third-party software (data is overwritten by third-party software) makes for 7%

Cloud data protection

Clearly, organisations need a sound data backup plan to protect their cloud data. A good backup and recovery strategy can save many hours of time, thousands of dollars and potentially prevent bankruptcy.

Third-party tools for backup and recovery of SaaS data can keep information safe and ready for recovery at all times. Compared to SaaS native backup functions, third-party tools have improved flexibility and functions. They allow organisations to back up SaaS applications for each account, using a trusted cloud provider; manage backups easily from a single dashboard; avoid downtime for users; spend less time managing backups and recovery; and gain fast insight into the types of data backed up.

SaaS sync issues

Most SaaS users believe their data is protected by the service provider. But the service level agreements (SLAs) for most cloud applications indicate that the service provider bears little or no responsibility for data that is lost and has not been backed up.

SLAs typically cover the common causes of application downtime, but these refer to downtime in the cloud data centre, not what happens on the user’s computer. Once a user changes an object and closes the application, there is little a provider can do to restore the original object.

This is because cloud applications providers provide just that – cloud applications. They are not in the backup and disaster recovery business and most of them have no plans to be.

Most users are confident their data is safe because SaaS providers have really made a name for themselves in the software world. But there have been many documented issues with the synchronisation capabilities of the apps.

For IT administrators in companies that rely on cloud services for their productivity suite, the SLAs for cloud applications can be a headache times two. First, users are at risk of losing their data. Secondly, there is no guarantee of recovery in case of user error, malicious deletion or sync issues.

It is crucially important that end users are educated about the capabilities for backup and recovery of cloud applications. At the same time, managed service providers must ensure there is always a backup to restore from, should data be lost.

Storage vs backup

Businesses do not always follow best practices to ensure data protection. Threats like malicious deletes, unauthorised access to data or external app errors (problems with syncing) will also cause problems.

This is why using SaaS as a backup option, and not for storage or file-sharing (as it is intended), might cause trouble. Moreover, cloud application SLAs will not cover the situation in which data was deleted because of user error.

Ultimately, a business owns the data and is responsible for what happens to it – even if it is stored in the cloud.

How to prevent cloud data loss

Microsoft has a guide on best practices to prevent SaaS data loss with Office 365. This advice can easily be applied to any cloud application. It starts with knowing exactly what type of data is stored and what data must be protected. For any user of cloud services, the key take-away is to always implement three main rules for their data management:

  • Identify sensitive information across many locations: Keep track of documents containing sensitive information. Watch out for credit card numbers, names, and contact information of customers or company employees.
  • Prevent the accidental sharing of sensitive information: Studies have shown that around 16 percent of documents uploaded to the cloud include sensitive information. The trouble is, employees may inadvertently share them outside the organisation. Businesses can put processes in place to block access to these documents automatically, or prevent them from being sent out to email addresses that are not part of their corporate domain.
  • Help users without interrupting their workflow: Everybody hates downtime, which is why automated systems make it so much easier to keep track of our most important data and protect it.

Leading disaster recovery specialists have introduced set and forget solutions that backup cloud applications. The best of these are designed specifically for busy business people who need peace of mind.

By Marina Brook, Head of Sales APAC, StorageCraft Asia-Pacific

JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t. 
Cisco dominates record-high Ethernet switch & router markets
While the market is flourishing, it’s tough-going as Cisco has increased its majority share of the pie.
SAP provides partners with free access to their cloud platform
“Now that over 3,700 SAP partners have joined our cloud strategy, the free resources will help them accelerate application development."
Gartner names Proofpoint Leader in enterprise information archiving
The report provides a detailed overview of the enterprise information archiving market and evaluates vendors based on completeness of vision and ability to execute.
WatchGuard appoints new channel distributors in A/NZ
The appointments will enable WatchGuard to expand its regional channel reseller footprint.
Tensions on the rise after Huawei CFO arrest
“Recently our corporate CFO, Meng Wanzhou, was provisionally detained by the Canadian authorities on behalf of the United States of America."
Why the future of IT infrastructure is always on and always available
As more organisations embrace digital business, infrastructure and operations leaders will need to evolve their strategies and skills to keep up.
Juniper simplifies data integration to improve threat detection
Updates to the Juniper Advanced Threat Prevention Appliances leverage third-party firewalls and security data sources.