The Importance of Protecting Cloud Hosted Applications

Anyone who thinks you don’t need to back up cloud applications such as salesforce, Office 365 and Google Apps clearly has some thinking to do. There is no such thing as the cloud. There is only someone else’s data center. Ignore backups of any computer at your peril.

Codespaces.com was a place to store your code. Their entire site was run in Amazon Web Services (AWS). They backed up their data to S3. They transferred some backups to Glacier. All of those services were connected to the same account, and it was hacked. In the first ransomware attack of which I am aware, the hacker demanded money. When codespaces.com did not pay, the hacker deleted their account. No more codespaces.com. They never recovered from that and ceased to exist as a company.

What happened to codespaces.com highlights a vulnerability of cloud design. So many people using the cloud think their data is stored in multiple locations for redundancy purposes – and that is true. If an earthquake takes out the California data center, no problem. Your data is replicated to Kansas. Tornado takes out the Kansas data center? No problem. Your data is also replicated to Idaho. But if something happens to your account due to malice or human error, you’re on your own.

The best case scenario is your cloud application provider has a backup system to protect against data center-wide disaster. Since it’s not designed to help you restore an individual account, the vendor in question is likely to charge you a significant amount of money for such a service. Salesforce.com, for example, does have a Data Recovery service you can use as a last resort. But it really is a last resort, because:

  • it costs a minimum of $10,000
  • it can only restore the entire site
  • it can take 2 to 3 days
  • it is described as a “best effort” service
  • the page describing the service recommends using something else

The more likely scenario is there will be no backups you can use to restore your account, and you will lose your data forever. Someone will delete or corrupt a portion or all of your account. Let’s take a look at a few of the things that can cause this.

A rogue admin or hacker can delete your account, like what happened to codespaces.com. Once your account is deleted, there is no getting it back. One of the ways to minimize the chances of this happening is to use two factor authentication, but even that is not perfect and has a risk of being hacked.

A more common occurrence would be a well-meaning administrator cleaning up. Consider Office 365 or salesforce.com where they charge per user account. Suppose a well-meaning administrator has a list of accounts that he or she has been told needs deactivation. One wrong mouse click and they accidentally delete a very important account for someone who is still with the company. Without backups, there may be no way to get that data back. (Make sure to investigate whether or not your cloud application provider supports the concept of a trash bin. This may help to protect you from accidental deletion, but it will not protect you from purposeful deletion, as the rogue admin or hacker may just clean out the trash bin.)

Finally, there is the well-meaning user that accidentally deletes a folder or customer account very important to them. If there is no trash bin from which this folder can be retrieved, that data could be gone forever as well.

All of these reasons are why data sitting in cloud applications needs to be backed up to some third-party application. This could be software running in your data center or another cloud application. Do make sure that the login information for your cloud application in the login for your cloud backup application are different. Otherwise, you’re just giving your hacker another place to hack.

StorageSwiss Take

There is no cloud, only someone else’s data center. Servers need to be backed up no matter where they are, and most cloud application providers are not backing up your data in a way that you can use to restore it. If they are backing it up at all, they are backing up for DR purposes, and do not have a way for you to use it to restore your data. If they do have a way for you to use their backups, there will be a high cost to do so. The cost of backing up is so low and the cost of not backing up so high, it just doesn’t make sense to skip this most important part of IT just because you have your head in the clouds.

Sponsored by Commvault

W. Curtis Preston (aka Mr. Backup) is an expert in backup & recovery systems; a space he has been working in since 1993. He has written three books on the subject, Backup & Recovery, Using SANs and NAS, and Unix Backup & Recovery. Mr. Preston is a writer and has spoken at hundreds of seminars and conferences around the world. Preston’s mission is to arm today’s IT managers with truly unbiased information about today’s storage industry and its products.

Tagged with: , , , , , , , ,
Posted in Blog

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 21,861 other followers

Blog Stats
  • 1,167,350 views
%d bloggers like this: