My Data’s in the Cloud. That Means It’s Protected, Right?

By Juan Orlandini
8/21/2018

It may come as a surprise to many reading this blog that the answer to the question posed in the title is, “No.” Just because your application workloads are hosted in a public IaaS cloud environment doesn’t mean those workloads are adequately protected. 

Unfortunately, the assumption that digital assets in the cloud are properly defended is surprisingly common and often wrong. In a 2017 study by research firm Vanson Bourne and data management provider Veritas, 69% of respondents erroneously believed their organization’s IaaS cloud provider was handling all data privacy, regulatory compliance, and data protection for their workloads. 

What’s the truth about data protection in the cloud?

There are many scenarios where blind trust in your IaaS cloud provider can put your data at risk. While many providers are focused on pleasing their customers and can demonstrate tough and resilient data center infrastructures, there are still scenarios where such environments can fall short. In terms of data protection, these include:

  • Potential data corruption
  • Accidental deletion by a user with access to your cloud-hosted data
  • Local or regional downtime events
“But, wait a second!” you say. “Regarding downtime events, don’t cloud providers have redundant data centers in other regions to ensure my data is still accessible?” Unfortunately, while many have this capability, that doesn’t mean it is being used with your workloads. It often comes down to whether or not you have paid for this level of redundancy. 

In 2017, the Amazon S3 service experienced a multi-hour outage that brought down one of its busiest East Coast regions. According to TechTarget, some customers were better prepared than others to ride out the outage. Customers who had already paid for data redundancy across multiple Amazon regions fared better than the many customers who opted to pay for only one region.

Your responsibilities: Their cloud, your data 

Even when your application workloads reside with a cloud provider, it’s still your data. As such, it remains your organization’s responsibility to ensure backup and recovery plans are adequate for key downtime scenarios.
 

It’s easy to make data protection mistakes related to cloud environments. In fact, it’s so easy, we decided to document common data protection errors we see as well as 10 important rules to help you plug potential holes in your protection of cloud-based workloads. You can find them in our whitepaper, 10 Rules to Protect Workloads in a Hybrid or Public Cloud. In the paper, you’ll learn things like:

  • The difference between “data resilience” and “data protection”
  • How data “snapshots” are not all created equal in the cloud (and how they can end up costing you a lot of money!)
  • What no “single point of failure (SPOF)” means in the cloud
  • What you should look for in a provider’s Service Level Agreement
You’ll also see more than 20 questions to ask yourself or your provider about your data protection in their cloud.

How do I know who is responsible for what in the cloud?

It is also important that you understand your role and your cloud provider’s role in managing your workloads. Roles and responsibilities can change depending on whether you use the cloud provider’s services for IaaS (Infrastructure as a Service), SaaS (Software as a Service), or PaaS (Platform as a Service).

To tackle this issue, we developed, “Managing the Public Cloud: Who Owns What?”

Whoever said that knowledge is power was right. Take advantage of these resources to arm yourself with the right information about what the cloud will and won’t do for your organization.

Are you facing a tricky question or area in the cloud where you don’t see answers? Contact us and we’ll help you get to the bottom of it.