Organizations today have no end of choices when it comes to managing, maintaining, and protecting their data. The variety of choices and solutions that businesses today have available have only since expanded in recent years with the exploding cloud marketspace. Numerous cloud offerings from various companies vouch to house your business’s data. There are many different factors that may lead to an organization choosing a particular cloud provider over another. Services and offerings from one public cloud vendor may more closely align with the true business needs of an organization. Pricing and other factors also weigh into the picture. Where production data is stored is only part of the equation.
It is essential that businesses think not only about production data, but also about how this data is being backed up and where the backup data is getting stored as well. Cloud-to-cloud backup is a great option for organizations to protect production data that is housed in a public cloud environment. Why is it essential that businesses think about where their cloud backup data is stored? Why is it important to separate backup data from production data? How can businesses have an extended choice for cloud service providers when it comes to backups? What are the risks of relying on a sole cloud service provider? Let’s take a look at data diversity and data locality in the cloud for production and backup data and why this is important.
Table of Contents
Backups of Cloud Environments
Cloud environments are vulnerable to many of the same threats to data that exist for on-premises data. Cloud does not mean – “immune to any data loss”. Cloud is simply a service or storage location that is provided by a public cloud vendor that allows organizations to have access to those services via the Internet, and store data in infrastructure provided by such vendors. The big three, Amazon AWS, Microsoft Azure, and Google GCP, all have impressive infrastructure. However, at the end of the day, the data is your responsibility to protect, so organizations must take charge of that task. Cloud providers have certainly not provided the best tools for protecting your data. In fact, cloud providers in general do not provide native tools that can really be classified as backup mechanisms.
At best, the tools provided by the likes of Microsoft’s OneDrive and others allow rolling back to an earlier version of a file if it falls within a 30-day period of time. However, for organizations to have effective backups, more functionality and control is needed to control how data is backed up, provide various restore functionality, and provide more options for retention. Additionally, Microsoft and others are only providing this “rollback” functionality to OneDrive files and resources. Organizations need to have backups of all services and resources that are business-critical. This may include email, SharePoint, and others. Google is even farther behind with no ability to roll back to specific versions as of the time of this writing.
Data Diversity for Cloud Backups
In the above, the necessity to provide backups of production data is made clear. Businesses who aren’t backing up cloud resources are setting themselves up for a major disaster that will most likely disrupt business continuity and could even have more serious repercussions to their business. Backups are essential. Period. How import though is it to think about where and in which cloud backups are stored?
Proper backup methodology and best practices underscore the need for diversifying data locations when it comes to backup data. In fact, the 3-2-1 rule that is often cited with backup best practices states that you need (3) copies of your backups on at least (2) different kinds of media, with (1) stored offsite. One of the directives that stands out when you examine this best practice rule is that backups need to be located in a separate location than the data being protected. In thinking about the scope of what could happen in a disaster, this is for good reason. The worst-case scenario involving a disaster would be one that not only takes down the production data, but also takes out the backup data as well. Storing backups in the same infrastructure as production is never a good idea for this reason.
While public cloud infrastructure is highly resilient, storing both production data and services and also backup data in the same public cloud is akin to storing production and backup data on the same SAN in an on-premises datacenter. It is not a good idea. Public cloud providers do have outages from time to time. If you were to need to get to data contained in a backup during an outage in production, both types of data would essentially be inaccessible if a sole cloud provider is utilized. Diversifying or splitting up production data from backup data is certainly a recommended best practice even from a cloud provider perspective.
The risk of relying on a single provider becomes apparent when those providers experience issues. You don’t want to have all your “eggs in one basket” by handing over both production and backup data to the same public cloud vendor. Choosing a cloud-to-cloud backup solution for business-critical resources that allows choosing where the data can be stored provides the best strategy for organizations looking to have the most powerful disaster recovery plan for cloud resources.
Cloud Service Providers No Native Data Diversity
Cloud providers are generally “narcissistic” in they only natively provide functionality within their own ecosystem of products, services, and storage. This means that any solution that is provided within their purview will utilize their own heterogeneous products, storage, networks, etc. The outcome for businesses? Businesses looking to protect data and store this outside the scope of their public cloud vendor of choice, won’t find a native solution that allows seamless integration to other cloud storage providers to back up data from a different cloud provider.
This leads to two perplexing and challenging conclusions for businesses. First, public cloud vendors do not provide native data protection solutions that meet the business demands and SLAs that are required by organizations utilizing public cloud infrastructure. Second, public cloud vendors lack supported integrations with other public cloud infrastructure outside the scope of their own provided storage, compute, and network infrastructure. Both of these present a challenging state of affairs that lead to ineffective data protection provided natively by public cloud vendors.
Data Locality and Compliance
On top of today’s challenging landscape of data protection inside the scope of public cloud provider native tools, businesses today are faced with additional challenges in the scope of compliance and data locality. The new European Union’s General Data Protection Regulation or (GDPR), provides a new set of added challenges to those businesses who are/want to utilize cloud resources to store customer data.
The GDPR regulation went into effect on May 25, 2018 and is a new set of compliance regulations that provides a whole new array of compliance and protection to customers and their data as it relates to how this data is being used, protected, and disposed of. Among other things, the new GDPR regulations allows EU citizens to take ownership of their data and privacy. Organizations or (data controller) must be proactive in protecting the data and privacy of its customers (data subjects). Several key aspects of General Data Protection Regulation data privacy define what this looks like for both data subjects and the organizations responsible for their data. Several key rights are assigned to the data subjects by GDPR including the following:
- Breach Notification
- Right to Access
- Right to be Forgotten
- Data Portability
- Privacy by Design
- Data Protection Officers
An extremely important aspect of GDPR for consideration is the terms defined regarding data localization. As defined in GDPR, the personal data of customers can only transfer to countries outside the European Union when there is an adequate level of protection guaranteed. Huge fines loom for those organizations that are found in violation of the regulations set forth in GDPR. With lesser violations, such as information and records not being in order, or not notifying a supervising authority and data subject about security breaches, or impact assessment being conducted, a company can be fined 2% of annual global turnover. In the most severe violation of GDPR, organizations can be fined up to 4% of their annual global turnover or 20 million euros, being the amount that is greater of the two. Gross violations will amount to maximum penalties on such items as not having customer consent to process data or violating core Privacy by Design which amounts to negligence under GDPR regulations.
The interpretation and definition of how this relates to data protection and the data contained within is still being scrutinized as corporations struggle to understand all the nuances of the new regulations. However, this leaves businesses today that are utilizing public cloud environments with the challenge of architecting both their on-premises and public cloud environments in such a way that GDPR compliance is taken into consideration. For those looking to comply with the strictest interpretation of GDPR data localization compliance, both production and backup data, containing production data, data localization must be taken into consideration.
It is easily seen that security of stored data is also extremely important under the GDPR compliance regulations. Organizations must ensure that data is secured from breach or other cybersecurity concerns as they relate to protecting customer data and other sensitive data protection mechanisms that are required. Encrypting production data both in-flight and at-rest is essential to enforcing data security in the cloud. However, this also comes into play with any data protection solution that is utilized to backup production data.
What can help organizations to comply with the standards as set forth in GDPR for data localization? Public cloud vendors already generally provide the ability to customers to be able to determine where production workloads and services run from within their public cloud infrastructure. Generally, customers are given the opportunity to choose the region and location (country/city) from which to run services. In lieu of GDPR and other compliance regulations that must be met, customers must take data localization seriously and make pertinent decisions in line with those requirements.
What about backup data? As mentioned, natively, the public cloud vendors provide very weak/no options when it comes to backups in general. This underscores the need for most businesses to choose a third-party solution that will allow properly protecting data stored in the public cloud. Let’s take a close look at how Spinbackup provides organizations today with the ability to not only offset the risks of relying on a sole cloud provider for data protection, but also help to meet the challenges of compliance regulations such as GDPR.
Spinbackup – Effectively Meeting Data Diversity and Data Locality Challenges
As shown above, the challenges of data diversity, not relying on a sole provider, and data locality are very real. Businesses must think very seriously about both aspects of their data when both planning a cloud strategy and architecting a data protection solution for that strategy. Let’s look at how Spinbackup allows businesses to properly diversify the locations of where backup data is stored, in line with best practice recommendations.
Best practices regarding data protection always involve a large measure of spreading out backup data and its various locations to prevent losing not only production data, but also backup data. This data diversity focus is easily seen in the 3-2-1 backup strategy which protects organizations from this type of loss. How does Spinbackup help meet this challenge?
When first signing up for a Spinbackup account to protect your public cloud environment, Spinbackup provides the choice of not only which region in a specific vendor’s infrastructure you want to store the backup data, but also which public cloud provider in which you want to store the data. This is a powerful option that Spinbackup provides that goes above and beyond the options afforded by other cloud data protection solutions available for protecting G Suite and Office 365 environments.
This effectively allows your data to be protected, not only in a different cloud region, but a totally different cloud provider’s infrastructure and network. While the “big three” public cloud providers, AWS, Azure, and GCP, all have impressive uptime and resiliency, they can and do suffer outages.
When contemplating meeting the challenges of the complex General Data Protection Regulation or GDPR, Spinbackup allows businesses to effectively choose where data is localized and provides control over both the location and the provider of the data protection storage location. In addition, Spinbackup provides protection for the backup data as it is encrypted using industry-standard encryption algorithms for data that is both in-flight and at-rest.
By allowing this simple choice of where backup data is to be located and in which provider’s infrastructure, Spinbackup allows businesses to meet the challenges of both data diversity and data localization. Spinbackup provides choices that allow strategically placing backup data so that it can effectively align with both business needs and the other challenges as stated above. Data encryption both in-flight and at-rest protects this data as it traverses the network and is stored in the cloud provider of choice.
Spinbackup – Real Business Value
When considering any solution, businesses, must choose solutions that offer real business value. Spinbackup effectively provides the business value that organizations today are looking for in terms of capabilities, cost, and the value returned on the investment. Spinbackup provides a singular solution that allows meeting not only the demands of data diversity and data localization but also cybersecurity in the public cloud, which is a difficult and challenging task.
It stands alone as a solution providing robust data protection and cybersecurity functionality, all within a single solution. This is all managed within a single management interface. Let’s recap the features and functionality afforded by Spinbackup in regards to preventing reliance on a sole public cloud provider and data localization and highlight the additional functionality afforded to businesses who choose Spinbackup to protect their public cloud environments.
- It allows choosing both the public cloud vendor and region that backup data is stored.
- Allows meeting GDPR compliance obligations for customer data localization.
- Allows meeting effective data protection best practice recommendations by diversifying data.
- Provides industry-standard data encryption of data both in-flight and at-rest.
- Offers Ransomware Protection.
- Enforces Data Leak Protection.
- Detects insider threats.
- Enables effective real-time alerts and notifications.
- Protects environments with Machine-Learning enabled functionality that provides intelligent monitoring and remediation of cybersecurity events.
The public cloud landscape provides organizations today with a wealth of capabilities and features that allow quickly provisioning infrastructure and having access to the latest technologies and services. While migrating to the cloud affords access to these tremendous capabilities, it opens up a wide range of design decisions as they relate to where and how data is stored in the cloud. This also affects how businesses today protect the data that is located in the cloud. In following data protection best practices, data needs to be diversified so that it is separated from production infrastructure. This concept also must be carried over to public cloud environments.
Businesses must think about effectively diversifying their backup data locations across regions and providers so that they are not relying on a sole cloud provider for both production and backups. Today’s compliance regulations add additional complexity to the solutions as GDPR and other compliance regulations set forth regulation related to data localization. Spinbackup effectively allows organizations to meet these demands by allowing businesses to easily decide where and in which provider backup data is stored.
By providing this capability as well as ensuring secure backups both in-flight and at-rest, Spinbackup provides a powerful solution to meet data diversity and data localization demands. In addition, it provides an extremely effective, machine-learning enabled, cybersecurity platform for security public cloud environments. The risks of relying on a sole cloud provider are great. Spinbackup’s solution to protecting data allows solving this challenge to allow effectively protecting cloud environments properly, securely, and intelligently.