Know Your Data in the Cloud Needs to be Secure

Posted 03/01/2018 by Gary Lim

In 2017, we have witnessed several cyberattacks that have caused global disruptions to regular business operations, financial loss and potential harm to organizations’ reputations. These incidents, along with the evolution of cyber threats today, highlight the need for businesses to consider security to protect their most valuable asset – data.

To create an effective defense, businesses must understand and plan for the risks that are present to its organization. In the case of succeeding in the cloud, they must always understand their data; you can’t protect yourself if you don’t know what you are protecting.

Knowing what sensitive information it has allows a company to identify and remove data that does not need to be stored in the cloud.

Once businesses know the value of their data in the cloud, they can use this information to better plan their cybersecurity strategy. It also drives the process behind building a robust data management strategy to keep data safe, secure and smart, even in today’s complex cyber threat landscape.  

Backup, backup, backup

Businesses may find themselves preoccupied with implementing security measures in a bid to keep attackers out, but it should not be their sole concern. While security is critical, it should not be forgotten that an attacker need only be successful once, and that preventative security measures are only part of the picture. Being able to recover from a seemingly inevitable breach, or minimise the damage, should be mission critical.

There is no doubt that technological advancements have made several aspects of disaster recovery more efficient and effective. From using tape to backup data, the industry has moved into snapshot technology, a read-only copy of the data set frozen at a certain point of time.

However, CIOs and IT managers have developed a common misconception that snapshot technology is an effective method of protecting data. That is where many organizations err in safeguarding themselves against system outages.

Snapshots and replica backups should not be relied on as the sole means of recovery. These snapshots can just as easily be encrypted and corrupted if they are not stored in a secure way during a ransomware attack. Even if a business is not subject to an attack, data loss scenarios can still happen in the cloud, and despite assurances, no service truly has 100 percent uptime.

Simply because snapshots are stored in the cloud does not mean a business is adequately protected. Backing up data to the cloud requires a more comprehensive approach, such as using a dedicated platform that understands what data truly needs to be backed up and natively integrates with cloud providers.

Don’t keep all your eggs in one basket

With McAcfee reporting that 93 percent of organizations are using cloud services in some form, it is evident that the cloud has made a positive impact on businesses in today’s digital economy. However, business leaders should not rely on a single data storage type, or provider.

When an organization’s cloud provider is targeted, attackers may choose to focus on the business’ administration control and quickly cut off the victim from their data in the cloud. This gives attackers the option to delete snapshot and backup copies of data at their leisure, eliminating all critical information and disrupting the business.

Take the additional step to keep data protected and store it in both on-premises and cloud solutions. Having a secondary copy of data empowers information-driven organizations to strengthen their business continuity plans, minimizes downtime, and enables a quick and fast recovery that provides businesses with a competitive edge when battling cyber threats today.

Having multiple copies of data with good practices still needs to be managed. Organizations that employ exceptional data management hygiene will always know where its data lives – across public or private cloud(s), on-premises or co-location sites – and will have specific data backups and processes in place to protect it. When an emergency occurs, data recovery for these organizations is fast and automated.

Knowing your data in the cloud and taking supplementary steps to secure it will help your organization avoid the long-term consequences of ransomware attacks, improve redundancy, and assist in developing a clear and automated disaster recovery plan. Rather than only seeing security as a preventative issue, mature organizations should plan to minimize the consequences of an incident and get the business up and running again quickly.

The only true way to be completely confident in the face of cyber threats is to have a unified overview of data across all premises. When you take the time to know your data in the cloud in order to be secure – and adhere to good data practices – you prepare the business to be ready when the next attack occurs.

Learn how Commvault can enable you to recover quickly and with confidence from cybersecurity attacks, including ransomware.