Like It or Not, You Will Be Backing Up to the Cloud Soon
Many organizations are still resisting cloud backups for one main reason: trust. Businesses don't trust third parties with their sensitive data. They don't trust that data will be available when they need it, and they don't necessarily trust that they'll be able to move their data from one vendor's cloud to another.
All valid points. And, frankly, all of them are beside the point.
After Superstorm Sandy, the Asian tsunami, Hurricane Katrina and the Fukushima earthquake, the age of local-only backups is over. Only fools think otherwise. Even relying on regional-only backups is a dangerous proposition, as Superstorm Sandy so starkly proved. I suppose you could still backup to tape and FedEx your tapes several states away, but that's not a terribly elegant solution to the local backup problem — nor is at a cost-effective one.
Added to all this is the fact that today's enterprise is no longer a monolithic entity housed in a single building or office park. Workers telecommute, contractors have replaced many in-house workers, and it's not uncommon for employees to access — and change — corporate data from the road. Traditional backup methods fail to meet the challenges of how knowledge workers complete their work today.
The cloud's trust issues will eventually be worked out. In fact, the top cloud providers often do a heck of a lot more to protect data than the typical enterprise.
The age of backup and recovery in the cloud is already upon us. Are you ready? This guide will help prepare you for the inevitable.
Cloud Backup Obstacles
1. Trust and security concerns
For this guide, I polled approximately 50 cloud backup experts. The number one obstacle to cloud backup that they cited, by far, was trust and security. Most emphasized trust over the more technical idea of "security." That's telling.
Security is about encryption, access control and data protection. Trust is about more.
"The biggest obstacle is psychological, and relates to trust," said Nathaniel Borenstein, Chief Scientist for Mimecast, an email management company that uses the cloud to store and archive client emails. "Although off-site backups have been common for a long time, the idea of having your primary backup off-site is still scary to some. Most cloud backup systems are designed so that your backups are entirely in the hands of a third party, off site, and that feels like a loss of control to many customers."
Can you trust that the service provider will be in business a year from now? Five years? Can you trust that you'll be able to get your data out of their system and into a rival's? Can you trust them to get compliance right?
"Because of the shared, multi-tenant nature of cloud services, service level agreements (SLAs) and accountability for data loss and outages can be problematic," said Bob Bunge, associate professor at DeVry University's College of Engineering and Information Sciences.
SLAs are a major trust issue. When something goes wrong, can you trust that the service provider will make it right?
Eelco van Beek, CEO of Jitscale, an IT management company, brought up another salient question: "Will [cloud storage providers] hand over your data to a government agency if they are asked to do so?" Some providers will decrypt and turn over your data if a court orders them to. Worrying about government intrusion doesn't mean you're up to no good. Think about all of the bad PR telcos received for the warrantless wiretaps.
Finally, if these cloud providers have access to your data, are the able to do anything with it? If you go with some freemium company, can they resell your data, or even data patterns, to advertisers and marketers?
On the other hand, if you go with a company that doesn't keep the keys and cannot decrypt your data, you better be sure you never lose those keys. Otherwise, that data is lost for good.
Security is at the heart of the trust equation, but trust is about much, much more than just having the right security tools in place.
Compliance is big concern for heavily regulated industries, such as financial services and health care. However, compliance should be just as important for companies that store customer data, no matter what industry they are in. According to Symantec's latest cost of a data breach report, the average breach now costs companies $5.5 million, which includes forensic costs, fines, legal fees, etc.
Moreover, companies that experience a breach lose customers and experience increased churn in their customer base.
How will you prove to your auditors that your service provider is meeting regulatory requirements? Most providers should have some sort of compliance program in place, but you'll want to make sure to verify it. After all, it will be your company's reputation on the line if something goes wrong.
3. Resistance from IT
Rightly or wrongly, many IT pros worry that the cloud will help eliminate their jobs. If you're a storage administrator, this fear may not be that far from the truth. (Just because you're paranoid doesn't mean they aren't out to get you.) However, moving backups to the cloud could free IT administrators up from tedious maintenance and management chores, so they can turn their jobs into more strategic ones.
Backing up in the cloud is supposed to save you money, right? Well, it doesn’t always work out that way.
One of the main cost drivers comes from the fact that you can now save everything, so people do. Another problem is that many providers make it difficult to delete data in their clouds.
"As data is often bundled into larger blocks to improve cloud operations, how does the vendor handle the case when some of the data within a block should be deleted yet other data must be kept? It is surprising as to how few vendors do this well — some don’t delete any data in the cloud so the cloud storage bill continues to grow and grow," said Jerome Noll, director Cloud Storage marketing, Riverbed Technology.
5. Unreliability of the Internet
The public Internet poses problems for those seeking to access cloud backup solutions. The status quo for remote connectivity — setting up VPN connections — isn't sufficient. Moreover, even with compression technologies, many just won't have enough bandwidth without either setting up expensive private networks (typically through MPLS lines) or finding an alternative, such as WAN optimization.
Networking limitations, both inside and outside of the data center, mean that cloud storage isn't really the best method for disaster recovery. It's great for data protection, but when it comes time to recover that data, you'll be in for a long, slow slog.
Of course, where networking is a significant enough pain point, you can bet vendors will try to find solutions to solve it and cash in on it. In this case, technologies like Software Defined Networking (SDN) and WAN optimization could help.