Protecting Yourself from Yourself
As the adoption of cloud servers by companies of all sizes increases, the backup strategy and methodology of companies has also changed. The traditional network methodology for a company would have been to maintain production servers onsite in a server room, replicate to a disaster recovery (DR) site and back up to tape.
Using cloud servers hosted by a 3rd party definitely has its advantages. Companies gain the benefits of increased efficiency, lower cost and the ability to scale on demand.
The most commonly overlooked area of cloud servers is their backup. From my experience of evaluating cloud infrastructure with IT managers, the most common setup for backup is either:
- The backup responsibility is handed over to the hosting provider in an out of sight, out of mind approach. The IT manager usually has little idea as to how their data is being backed up, where it is stored, the frequency of backup and the retention of their data.
- Replication of their production environment to a duplicate environment in another data centre, with backup jobs of both the production and replication environments being performed to additional storage within the same data centre. A simple network layout is illustrated below.
When analyzing the risks in scenario 1, I advise IT managers to clarify the following questions with their hosting provider:
- What servers are actually backed up?
- How frequently are these servers backed up?
- What is the retention period of these backups?
- Does this retention period comply with company policy?
- Are any backup jobs held offline?
Once these questions have been answered, solutions can be implemented to improve redundancy and reduce the risk of the company.
For companies that have a strategy similar to scenario 2, I advise identifying the weak link in their environment. The largest risk in such an environment is that all their data is held online within the same network. With the click of a mouse and a couple of keystrokes, a hacker or a disgruntled employee could bring the entire network down by deleting the data at all sites.
Without an offline or external backup, the company has nowhere to turn for recovery.
The question I always ask IT managers is:
“Can you or your system administrator personally delete all the data on your servers and backup sites within your company?” After giving it some thought, they usually answer with something along the lines of:
“Yes but I wouldn’t do it and we trust our sys-admin guy, he has been here forever”.
When analyzing risks within an organization, it is important to detach individual people from the analysis and to identify where the actual risk lies. The person who deletes the company data on all the sites doesn't need to be the IT manager or sys admin; it could simply be someone who gained access to the passwords of those employees. If the possibility exists that all the data could be deleted, either maliciously or unintentionally, the risk needs to be reduced.
The solution to the above issues is to implement either:
- A physical backup of the data to external media such as backup tape or removable disks and to keep these offline and outside of the company.
- A third backup site for critical data hosted by an independent company outside of the network with a strong data deletion and retention policy.
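
The question "can one person, or one set of passwords, delete every copy?" can be checked against an inventory of who holds delete rights on each copy. The following is an added example, not part of the original article; the copy names, credential names and holders are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    """One copy of the company's data (all names below are constructed)."""
    name: str
    can_delete: frozenset = frozenset()  # credentials able to delete this copy
    offline: bool = False                # tape or removable disk kept off the network

def surviving_copies(copies, credentials):
    """Names of the copies still intact after the given credentials are abused."""
    creds = set(credentials)
    return [c.name for c in copies if c.offline or not (creds & c.can_delete)]

def single_points_of_deletion(copies, holders):
    """Identities (people or password stores) whose credentials alone wipe every copy."""
    return sorted(who for who, creds in holders.items()
                  if copies and not surviving_copies(copies, creds))

# Scenario 2: production, a replica in a second data centre and backup
# storage, all online inside the same network.
SCENARIO_2 = [
    Copy("production", frozenset({"infra-admin"})),
    Copy("replica-dc2", frozenset({"infra-admin"})),
    Copy("backup-storage", frozenset({"backup-admin"})),
]

# Who can use which credential. The password store is listed as an identity
# because whoever obtains its contents inherits every credential in it.
HOLDERS = {
    "it-manager": {"infra-admin"},
    "sysadmin": {"infra-admin", "backup-admin"},
    "shared-password-store": {"infra-admin", "backup-admin"},
}

# Option 1: add a physical backup kept offline and outside the company.
WITH_TAPE = SCENARIO_2 + [Copy("offline-tape", offline=True)]

# Option 2: add a third site run by an independent company; its deletion
# credential ("provider-ops", hypothetical) is held by nobody in-house.
WITH_THIRD_SITE = SCENARIO_2 + [Copy("third-site", frozenset({"provider-ops"}))]

if __name__ == "__main__":
    for label, estate in [("scenario 2", SCENARIO_2), ("with tape", WITH_TAPE),
                          ("with third site", WITH_THIRD_SITE)]:
        print(label, "->", single_points_of_deletion(estate, HOLDERS))
```

An empty result means no single identity in the inventory can remove every copy; any name in the list is a credential set whose loss or misuse leaves nothing to restore from.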
The backup strategy of using a third backup site is becoming increasingly common with companies that have outsourced their IT infrastructure to the cloud or a hosting provider. In many countries, regulation has forced banks, credit card companies and insurance firms to adopt the requirement of an externally hosted third backup site.
When it comes to backup as a last line of defense, it makes business sense for a company to protect themselves from themselves.
Escrow London provides a range of third site backup solutions to protect companies that have moved their IT infrastructure to the cloud. These services include: