Story image

The top five ways data is lost in the cloud - and how to prevent it

09 Oct 2017

The astronomical numbers of consumer cloud-based users worldwide just keep rising. Some 3.6 billion internet users are projected to access cloud computing services during 2018, up from 2.4 billion users in 2013.

A common assumption is that if data is deleted, ‘well, it’s in the cloud, so it must be backed up, right?’ Wrong.

An industry study a few years back showed that the risk of data loss is very real, even if a cloud infrastructure service sends the data offsite. In fact, 32% of companies using SaaS services reported data loss in an Aberdeen report.

How data is lost in the cloud:

  • User error (registered users accidentally delete or overwrite data) accounts for 64%
  • Hackers (outsiders break into the business systems) are responsible for 13%
  • Closing accounts (cloud app accounts are closed without regard for the data left behind) result in 10%
  • Malicious delete (users purposely delete critical data belonging to a company) causes 7%
  • Third-party software (data is overwritten by third-party software) makes for 7%

Cloud data protection

Clearly, organisations need a sound data backup plan to protect their cloud data. A good backup and recovery strategy can save many hours of time, thousands of dollars and potentially prevent bankruptcy.

Third-party tools for backup and recovery of SaaS data can keep information safe and ready for recovery at all times. Compared to SaaS native backup functions, third-party tools have improved flexibility and functions. They allow organisations to back up SaaS applications for each account, using a trusted cloud provider; manage backups easily from a single dashboard; avoid downtime for users; spend less time managing backups and recovery; and gain fast insight into the types of data backed up.

SaaS sync issues

Most SaaS users believe their data is protected by the service provider. But the service level agreements (SLAs) for most cloud applications indicate that the service provider bears little or no responsibility for data that is lost and has not been backed up.

SLAs typically cover the common causes of application downtime, but these refer to downtime in the cloud data centre, not what happens on the user’s computer. Once a user changes an object and closes the application, there is little a provider can do to restore the original object.

This is because cloud applications providers provide just that – cloud applications. They are not in the backup and disaster recovery business and most of them have no plans to be.

Most users are confident their data is safe because SaaS providers have really made a name for themselves in the software world. But there have been many documented issues with the synchronisation capabilities of the apps.

For IT administrators in companies that rely on cloud services for their productivity suite, the SLAs for cloud applications can be a headache times two. First, users are at risk of losing their data. Secondly, there is no guarantee of recovery in case of user error, malicious deletion or sync issues.

It is crucially important that end users are educated about the capabilities for backup and recovery of cloud applications. At the same time, managed service providers must ensure there is always a backup to restore from, should data be lost.

Storage vs backup

Businesses do not always follow best practices to ensure data protection. Threats like malicious deletes, unauthorised access to data or external app errors (problems with syncing) will also cause problems.

This is why using SaaS as a backup option, and not for storage or file-sharing (as it is intended), might cause trouble. Moreover, cloud application SLAs will not cover the situation in which data was deleted because of user error.

Ultimately, a business owns the data and is responsible for what happens to it – even if it is stored in the cloud.

How to prevent cloud data loss

Microsoft has a guide on best practices to prevent SaaS data loss with Office 365. This advice can easily be applied to any cloud application. It starts with knowing exactly what type of data is stored and what data must be protected. For any user of cloud services, the key take-away is to always implement three main rules for their data management:

  • Identify sensitive information across many locations: Keep track of documents containing sensitive information. Watch out for credit card numbers, names, and contact information of customers or company employees.
  • Prevent the accidental sharing of sensitive information: Studies have shown that around 16 percent of documents uploaded to the cloud include sensitive information. The trouble is, employees may inadvertently share them outside the organisation. Businesses can put processes in place to block access to these documents automatically, or prevent them from being sent out to email addresses that are not part of their corporate domain.
  • Help users without interrupting their workflow: Everybody hates downtime, which is why automated systems make it so much easier to keep track of our most important data and protect it.

Leading disaster recovery specialists have introduced set and forget solutions that backup cloud applications. The best of these are designed specifically for busy business people who need peace of mind.

By Marina Brook, Head of Sales APAC, StorageCraft Asia-Pacific

NZ investment funds throw weight against social media giants
A consortium of NZ funds managing assets worth more than $90m are appealing against Facebook, Twitter, and Google following the Christchurch terror attacks.
Poly appoints new A/NZ managing director, Andy Hurt
“We’re excited to be bringing together two established pioneers in audio and video technology to be moving forward and one business – Poly."
Unity and NVIDIA announce real-time ray tracing across industries
For situations that demand maximum photorealism and the highest visual fidelity, ray tracing provides reflections and accurate dynamic computations for global lighting.
NVIDIA announces Jetson Nano: A US$99 tiny, yet mighty AI computer 
“Jetson Nano makes AI more accessible to everyone, and is supported by the same underlying architecture and software that powers the world's supercomputers.”
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
NVIDIA introduces a new breed of high-performance workstations
“Data science is one of the fastest growing fields of computer science and impacts every industry."
Apple says its new iMacs are "pretty freaking powerful"
The company has chosen the tagline “Pretty. Freaking powerful” as the tagline – and it’s not too hard to see why.
NZ ISPs issue open letter to social media giants to discuss censorship
Content sharing platforms have a duty of care to proactively monitor for harmful content, act expeditiously to remove content which is flagged to them as illegal.