Data protection: What's protecting your cloud?
How can one thing generate two such contradictory opinions, both wrong? Bryan Betts takes a look...
Here's a puzzle: how can there be two contradictory viewpoints on such a crucial aspect of cloud computing and how can both of them be wrong.
On the one hand, cloud-based applications and services are seen as safe. Surely their high availability means the data you place with them is backed up, right? Wrong, It may be protected against disaster, but not against accidental deletion, or updates that go wrong. On the other hand, data in the cloud is on the public internet, not under lock and key in your datacentre, so it must be less secure, right? Not quite. With much more to protect, cloud providers also have bigger security budgets, skills and incentive than the average datacentre.
Then there is the issue that cloud data protection can mean unnecessary triplication of work: the application admins backup the applications, the server admins backup the virtual machines, and the storage admins snapshot the storage – with each one potentially containing different versions of the same data.
That first assumption of safety is one of the riskiest, warns Pavan Vyas, a product marketing manager at backup software developer Asigra. He says he has heard from any number of users of Salesforce.com, Dropbox and so on, who didn't realise that those are not – and do not claim to be – also backup services.
“When we talked to customers and partners, we found that organisations typically don't protect the data in cloud applications today – they believe the application provider does it,” he explains. “For example, Salesforce.com's terms and conditions very clearly put the backup responsibility with the customer, but because this is hidden in the fine print, organisations often don't back it up.”
Quite apart from the obvious risk to your data, this is potentially a serious breach of your regulatory responsibilities, he says, adding: “From a compliance perspective, it is the organisation that put the data there that is responsible for backing it up.”
Fortunately, for those that do recognise the need to backup from the cloud as well as to the cloud, there are ways and means. For example, Salesforce allows users to manually export their data weekly or monthly, depending on their subscription level; the exported text file can then be loaded into Excel, say. Other tools, including some from the Salesforce AppExchange, can automate this process.
The challenge for backup companies is knowing which of the many cloud platforms to support. Vyas notes that in its latest software release, Asigra Cloud Backup V12, his company has introduced cloud-to-cloud backup with the ability to save data from both Salesforce.com and IBM's SmartCloud to a cloud-based backup service, and restore it. He says it is still talking to service providers about which other cloud applications and platforms to support, though.
He notes too a problem which may already have occurred to anyone using cloud storage, especially for tasks such as Big Data: in order to copy your data, whether for backup or to move to another service provider, you need a lot of working storage and Internet bandwidth.
"In the case of SaaS, the backup has to pass through the customer's network," he says, "but in PaaS you can configure it to run the client there in the cloud and then backup directly over the cloud." That means you would set up the backup server as another cloud VM, in effect sitting alongside your application VMs in your service provider's cloud, and run the backup job there, he explains.