One of the most common misconceptions businesses and users have today is that the data they save in DropBox, Google Drive, OneDrive, and other cloud services is backed up. In fact, when we ask business owners what their current backup strategy is, it’s not uncommon for us to hear “We’re backing up all our files onto DropBox.” While these cloud file storage and sharing services appear to provide some safeguards for your data, they are vulnerable to numerous data loss scenarios including cyber-attack, corruption, and accidental deletion. To understand these shortcomings, you must first understand backup and disaster recovery.
Disaster Recovery vs. Backup
In the I.T. industry, you will often hear the term “Backup and Disaster Recovery” or “BDR” for short. What most don’t realize is that backup and disaster recovery are two different solutions with entirely different objectives.
There are many different events a business could face that would be considered a disaster from a data standpoint, including:
- Fire, flood, electrical anomalies, or natural disaster
- Sudden failure of a hardware component in the server or computer where your files are stored
- Loss of access to data caused by internet or network outages
When many businesses think of “backup,” these disaster scenarios are typically what they are planning for. Disaster recovery solutions are designed to protect businesses from these specific scenarios by implementing different types of redundancy. For example, a business that has a server in its office may have a secondary disaster recovery server that mirrors the first. Any time a file is created or modified on the primary server, that same change occurs on the disaster recovery server, whether or not the change was intentional or desired.
Cloud solution providers such as DropBox, Google, Microsoft, and Amazon utilize this same redundant systems strategy in their data centers. If one of their storage nodes in the data center fails, they can immediately fail over to another one that has a mirror copy.
On the other hand, backup has an entirely different objective. Its aim is to protect businesses from data loss events, including:
- Accidental deletion or modification
- Acts of malice by employees or other users with access to the data
- Data corruption caused by a hardware or software error
- Ransomware and other cyber-attacks
While many businesses often steer towards disaster recovery as their solution of choice, backup is what they actually need most. It is far more likely for a business to experience a data loss event than a disaster event.
Where businesses and users make a critical mistake is assuming that cloud solution providers include backup with their products. While they do provide disaster recovery for data stored on their platforms, they do not provide backup of that data. In fact, their terms and conditions state that the business or user is responsible for backing up the data stored on the cloud platform to a separate system.
If the cloud provider’s server where your data is stored has some sort of failure, the cloud provider will immediately fail over to another server and restore your access to the data. If you accidentally delete files on that server, though, the files will also be deleted on the mirrored server. Without a backup in place, those files are gone.
Many modern cloud file storage and sharing platforms now include file versioning. This feature essentially creates a copy of the file every time a change is made. If a user makes an accidental change on a file, file versioning allows the user to restore the previous version. Unfortunately, once again, many businesses and users mistake file versioning for backup.
The file versioning system offered by cloud providers has limits on the number of versions that are stored. Bad actors know this, and program their attacks accordingly. A ransomware attack, for example, will encrypt all the business’s files, making them unreadable until the ransom is paid. At first, the business thinks “No big deal, we’ll just roll back the file to the previous version.” Except the threat actors thought of that, and they set their attack to re-encrypt the file hundreds of times, ensuring that they exceeded the file versioning limits and effectively encrypt every available version of the files.
Accidental (or Intentional) Deletion
Businesses don’t just have to worry about the threat of cyber-attack against their cloud files. Accidental deletion, or malicious deletion by a disgruntled employee, is a significant risk as well. Many cloud providers include a “recycle bin” function for data deleted on the platform. Just like file versioning, though, these recycle bins have limits. Data deleted in Microsoft’s OneDrive or SharePoint, for example, is kept in the recycle bin for up to 93 days if all the default configurations are extended to their maximum limits. If a user accidentally deletes data and the business doesn’t realize it until several months later, that data is gone.
So, how do businesses ensure that all their data stored in the cloud is protected with both backup and disaster recovery? Simple: Subscribe to a cloud backup service, such as Digital Boardwalk’s Echo365™ solution. Not only are these cloud backup services incredibly affordable, but some of them, including Echo365™, feature unlimited backup storage and unlimited retention. This means that businesses no longer have to worry about exceeding backup storage limits or having to decide how long they want to keep data for. Additionally, solutions like Echo365™ are “air-gapped,” meaning they are isolated from the environment they are protecting and immune from common cyber-attacks that attempt to spread throughout the business network.