When it comes to backing data up to the cloud, security should be a primary consideration. Although cloud services have long been marketed as a sort of panacea for IT, there are both advantages and disadvantages to backing data up to the cloud, especially when it comes to cloud security.
One of the primary advantages of backing up data to the cloud is that doing so creates a backup that is geographically isolated from your data center. This helps to ensure the survivability of your data in the event of a fire, flood, or other disaster. Also, because the backup does not reside on-premises, a disgruntled employee would not be able to steal the backup media.
One of the security disadvantages of cloud backup is that your sensitive data will usually have to traverse the internet. Granted, this data should be encrypted and will usually be confined to a VPN. Even so, there is no way to guarantee with absolute certainty the security of data passing through a public medium. It is worth noting that some public cloud providers do offer the option of leasing a dedicated connection between your data center and the cloud, which can mitigate the risks associated with transmitting sensitive data over the internet.
Access to the data
Another risk associated with backing up data to the cloud is that the cloud provider’s employees could have access to your data. Even if you are not concerned about the possibility of the provider’s employees snooping through your data, backing data up to the public cloud carries with it a very real risk of that data being exposed to the government. That’s why you, not your cloud vendor, should hold the encryption key.
A couple of years ago, Microsoft engaged in a legal battle with the US government over the government’s practice of issuing blind subpoenas. A blind subpoena is one in which the government subpoenas a cloud provider for a tenant’s data without the tenant ever being informed that its data has been surrendered.
Yet another risk of backing up data to the cloud is account hijacking. This occurs when a hacker manages to crack or guess a tenant’s cloud password, logs in as the tenant, and changes the account’s password, effectively locking the tenant out of their own data. While it is true that account hijacking can occur on-premises, on-premises systems containing highly sensitive data might not be as readily exposed to the internet as those systems residing in a public cloud.
Even though there are many security risks in cloud backup, there is at least one major advantage to backing data up to the cloud. Public cloud providers (like AWS and Azure) know that public clouds are a favorite target of hackers, so they work diligently to make sure the cloud is as secure as possible. To put it another way, big cloud providers make big targets, so they are secure because they have to be.
Public cloud providers are known for exercising top-notch physical security. In fact, I had the opportunity to visit the Microsoft data center a few years ago, and while I cannot go into specifics, I can honestly tell you that I have visited military facilities not nearly as secure.
This means backing your data up to the cloud may in fact deliver a level of security that simply cannot be achieved on-premises. Major cloud providers have entire teams dedicated to security, and so there is a very good chance your backups will be more secure in the cloud than they ever would be in your own data center.
Brien Posey is a 13-time Microsoft MVP with over two decades of IT experience. Prior to going freelance, Posey was a CIO for a national chain of hospitals and healthcare facilities and has served as a network engineer for the United States Department of Defense at Fort Knox. Posey has also worked as a network administrator for some of the largest insurance companies in America.
You can follow Brien on Twitter at @BrienPosey
The above is based on using public cloud providers like AWS and Azure. For those wanting the benefit of cloud without some of the security downsides of being on a public network, you can use a purpose-built private cloud, like SolarWinds® Backup uses, where IT services are provisioned over private IT infrastructure for the dedicated use of a single organization.
SolarWinds Backup can also make internet traversal safer in two ways:
- Data is protected with AES 256-bit encryption prior to transmission. In addition, after the first full backup, only changed blocks are transmitted, and they are compressed and deduplicated, so the data isn’t usefully readable.
- Backup data is transmitted over a TLS 1.2 connection, for even greater security.