Top 3 Myths about Backing Up Cloud-Native and SaaS Data

Many organizations believe that the cloud is inherently safe and as a result there is no need to implement effective data backup and recovery. But, cloud data security is a shared responsibility between the cloud provider and the customer. The responsibility of the cloud provider is to safeguard the infrastructure, ensure access, and configure physical hosts, storage and other resources. In short: to ensure the underlying infrastructure is available.

The responsibilities of the customer are to manage users and their access privileges, safeguard cloud accounts from unauthorized access, encryption and protection of cloud-based data assets, and managing compliance¹.

As a result, it is up to the customer to ensure an effective backup and recovery solution is in place to ensure the data itself is available. Otherwise, cloud data can be subject to malicious threats as well as unintentional deletions, impacting key workloads across the IT environment.

_{1. “Shared Responsibility Model Explained.” Cloud Security Alliance, 26 Aug. 2020, https://cloudsecurityalliance.org/blog/2020/08/26/shared-responsibility-model-explained.}

Cloud providers have developed native tools for basic retention or backup functions. However, adoption of and reliance upon these solutions can create several challenges. First of all, these often have default retention periods (e.g. 30 days for M365) that fall far short of enterprise requirements. They also can be
complex to use when modifying defaults—and typical recovery times may fall short of SLA requirements, particularly at scale. These native services are also siloed—in the sense that they are not designed to also protect data sources beyond those they host, i.e. those running on-premises or in other clouds. As a result, organizations often end up with multiple systems to manage when using such tools, which drives up complexity and costs, creates a broader attack surface for security risks and breaches and poses challenges in meeting business SLAs and compliance requirements.

Many believe that recovery of cloud data is quick and seamless. Yet, what many have come to realize is that both backup and recovery speed in the cloud is highly network dependent. As a result, there is no guarantee that there won’t be any lags or latency in data recovery, which can have a significant impact for businesses with tight Recovery Time Objectives (RTOs). This is why a hybrid solution that can be managed from one place and that provides both self-managed and SaaS options is paramount. This way, you can choose where cloud backup data resides in order to meet SLA expectations properly when it comes to restores. Having that solution also be optimized for network performance, transmitting only delta change blocks across the WAN is also important.