Protecting cloud data means backing it up

“We use the cloud, so we don’t need backups.” We hear this far too often. There is a common misconception amidst both business and technology leaders that moving to “the cloud” outsources the responsibility of protecting company data.

Nothing could be further from the truth. Software-as-a-Service providers of email, CRM and ERP platforms might (hopefully) do backups. But that’s typically to protect them in the case of a disaster. It’s often impossible for their customers to request restores in the case that something goes wrong on their end.

Do you rely on cloud providers for critical business functions? Have you asked your providers if they back up your data? Can you request a restore anytime you like?

Critically important is where they, or you, store backups. There’s no point storing important photocopies of birth certificates and passports in the same folder as the originals – loss, theft or fire will affect them both. In the same way, a cloud provider shouldn’t store your backups in the same physical or logical location as your data, or in a system that can be overwritten using the same credentials. Look at Code Spaces in 2014, Wood Ranch Medical in 2019 or CloudNordic in 2023. Just three examples of the many companies out there that didn’t air-gap their backups, resulting in unrecoverable losses of customer data when they were hacked, and a very premature end to their businesses.

How important is the data you have with your third-party providers? Do you even know who all your providers are? Do you have a multi-pronged backup strategy that covers all your critical data, and a restoration plan? How much does your company’s future rely on a single system? Are your backups protected with the same or higher level of security as your data?

If you haven’t thought about these questions in awhile, let this be your encouragement to.