IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Story image
The top five ways data is lost in the cloud - and how to prevent it
Mon, 9th Oct 2017
FYI, this story is more than a year old

The astronomical numbers of consumer cloud-based users worldwide just keep rising. Some 3.6 billion internet users are projected to access cloud computing services during 2018, up from 2.4 billion users in 2013.

A common assumption is that if data is deleted, ‘well, it's in the cloud, so it must be backed up, right?' Wrong.

An industry study a few years back showed that the risk of data loss is very real, even if a cloud infrastructure service sends the data offsite. In fact, 32% of companies using SaaS services reported data loss in an Aberdeen report.

How data is lost in the cloud:

  • User error (registered users accidentally delete or overwrite data) accounts for 64%
  • Hackers (outsiders break into the business systems) are responsible for 13%
  • Closing accounts (cloud app accounts are closed without regard for the data left behind) result in 10%
  • Malicious delete (users purposely delete critical data belonging to a company) causes 7%
  • Third-party software (data is overwritten by third-party software) makes for 7%

Cloud data protection

Clearly, organisations need a sound data backup plan to protect their cloud data. A good backup and recovery strategy can save many hours of time, thousands of dollars and potentially prevent bankruptcy.

Third-party tools for backup and recovery of SaaS data can keep information safe and ready for recovery at all times. Compared to SaaS native backup functions, third-party tools have improved flexibility and functions. They allow organisations to back up SaaS applications for each account, using a trusted cloud provider; manage backups easily from a single dashboard; avoid downtime for users; spend less time managing backups and recovery; and gain fast insight into the types of data backed up.

SaaS sync issues

Most SaaS users believe their data is protected by the service provider. But the service level agreements (SLAs) for most cloud applications indicate that the service provider bears little or no responsibility for data that is lost and has not been backed up.

SLAs typically cover the common causes of application downtime, but these refer to downtime in the cloud data center, not what happens on the user's computer. Once a user changes an object and closes the application, there is little a provider can do to restore the original object.

This is because cloud applications providers provide just that – cloud applications. They are not in the backup and disaster recovery business and most of them have no plans to be.

Most users are confident their data is safe because SaaS providers have really made a name for themselves in the software world. But there have been many documented issues with the synchronisation capabilities of the apps.

For IT administrators in companies that rely on cloud services for their productivity suite, the SLAs for cloud applications can be a headache times two. First, users are at risk of losing their data. Secondly, there is no guarantee of recovery in case of user error, malicious deletion or sync issues.

It is crucially important that end users are educated about the capabilities for backup and recovery of cloud applications. At the same time, managed service providers must ensure there is always a backup to restore from, should data be lost.

Storage vs backup

Businesses do not always follow best practices to ensure data protection. Threats like malicious deletes, unauthorised access to data or external app errors (problems with syncing) will also cause problems.

This is why using SaaS as a backup option, and not for storage or file-sharing (as it is intended), might cause trouble. Moreover, cloud application SLAs will not cover the situation in which data was deleted because of user error.

Ultimately, a business owns the data and is responsible for what happens to it – even if it is stored in the cloud.

How to prevent cloud data loss

Microsoft has a guide on best practices to prevent SaaS data loss with Office 365. This advice can easily be applied to any cloud application. It starts with knowing exactly what type of data is stored and what data must be protected. For any user of cloud services, the key take-away is to always implement three main rules for their data management:

  • Identify sensitive information across many locations: Keep track of documents containing sensitive information. Watch out for credit card numbers, names, and contact information of customers or company employees.
  • Prevent the accidental sharing of sensitive information: Studies have shown that around 16 percent of documents uploaded to the cloud include sensitive information. The trouble is, employees may inadvertently share them outside the organisation. Businesses can put processes in place to block access to these documents automatically, or prevent them from being sent out to email addresses that are not part of their corporate domain.
  • Help users without interrupting their workflow: Everybody hates downtime, which is why automated systems make it so much easier to keep track of our most important data and protect it.

Leading disaster recovery specialists have introduced set and forget solutions that backup cloud applications. The best of these are designed specifically for busy business people who need peace of mind.