Creating a disaster recovery strategy for data resilience in the cloud
Author : Sergei Serdyuk, NAKIVO
10 September 2024
With all of the advantages associated with cloud adoption, many organisations mistakenly assume that once their data is in the cloud, it is automatically safe and sound. Unfortunately, that is certainly not the case.
The adoption of cloud by organisations has been driven by the enormous flexibility and scalability it delivers, advantages that allow businesses to adjust their usage easily to meet their changing needs. The cloud has ushered in an era of collaboration and data sharing on a scale not previously possible, with benefits such as cost savings by reducing hardware and maintenance investments, while the flexible pricing model of cloud services takes its cost-effectiveness even further.
Security is another plus point, while a well-executed cloud migration has the potential to increase revenue and profitability.
Why organisations must protect their data in the cloud
There are at least three major reasons why companies need to protect their data in cloud environments: firstly, it's crucial to know that data protection is usually not the cloud provider's responsibility. Most providers operate on the Shared Responsibility Model, where it explicitly states they are only responsible for maintaining the availability and security of the infrastructure. This means that it is up to customers to protect their own data and prevent unauthorised access.
The second reason is the risk of violating data privacy and industry-specific retention regulations. Without proper measures in place to comply with these regulations, organisations can find themselves on the wrong side of the law. Industries such as healthcare and financial services have strict laws that require organisations not only to protect sensitive data like patient records and financial transactions, but also to store them for extended periods of time.
The third reason, and a major one, is the risk of data loss threats like ransomware attacks, where data can be held hostage, followed by the intimidation of victims to pay a hefty ransom to get their data back. Although cloud providers usually have strong security measures in place, data housed in the cloud is still vulnerable to these threats, as well as data leaks. In fact, in recent years, there has been the rise of a specialised ransomware type called Ransomcloud, which specifically targets data in cloud platforms.
At the same time, the high accessibility that cloud platforms provide has its drawbacks. For instance, it leaves the chance of a disgruntled employee gaining access to company data and deleting files that are only recoverable from backups. This might also happen accidentally, as human error remains one of the highest causes of business data loss.
To mitigate these challenges, cloud disaster recovery (DR), utilises the scalability, flexibility, and cost-efficiency of cloud computing to provide an efficient and accessible solution.
What is cloud DR?
Cloud disaster recovery is a set of approaches and services designed to safeguard data, applications, and other assets by storing them in public cloud environments, or with specialised service providers. In the event of a disaster, the impacted data, applications, and resources can be reinstated either in the local data centre or through a cloud provider, allowing the enterprise to resume regular operations swiftly.
Sergei Serdyuk, VP of Product Management, NAKIVO
The objective of cloud disaster recovery closely mirrors that of traditional disaster recovery: safeguarding critical business resources and guaranteeing the accessibility and recovery of protected assets to maintain uninterrupted business operations.
With this in mind, here are the core components of a reliable strategy for data protection in the cloud.
Building a robust cloud DR strategy
Building a cloud-based DR strategy involves careful planning, the assessment of business needs, and utilising cloud resources to ensure the continuity of operations in the event of a disaster.
Different types of data require different approaches to protection. Your strategy should help classify your data according to its type, sensitivity and business value, if stolen, altered, or destroyed. Classification also helps to assess risk levels, allowing preventive actions to be taken accordingly. This classification approach brings additional benefits down the line, helping to streamline operations, reduce maintenance costs, and optimise resource consumption by focusing resources where they are most needed.
Once the priorities are set, the procedures for data backup can be implemented. Backups should be at the centre of the strategy, because it is the key to avoiding data loss. Requirements for compliance should also be considered. Backups should be performed regularly, as a disaster can happen at any time. The next step would be to locate storage for backups and configure backup workflows. This process usually starts with assigning tiers to backup data based on its importance, which involves simplifying the workflows by scheduling and automating backup activities - this ensures that the entire process is as streamlined and error-free as possible.
It is not only data in the cloud that is vulnerable, but also backup data that can be targeted. However, enabling immutability in backups effectively prevents any changes to backup data for a set period of time. Data remains protected from new ransomware infections as well as accidental or deliberate modifications and deletions, keeping backups available for recovery at all times.
Encryption is a crucial and often overlooked aspect of any cloud data protection strategy. While cloud providers offer encryption capabilities, you should ask yourself whether their level of security meets your organisation's needs. When it comes to the cloud, data encryption and controlling your encryption keys, is critical. A rule of thumb is to encrypt data before sending it out to be stored in the cloud.
Your strategy should cover cloud data access. Insider threats can be as severe as external ones, with employees misusing their permissions to leak or delete critical data. The Zero Trust Model can be used to protect the critical data process in the company without disrupting operations. Most organisations use Role Based Access Control to provide their staff with access levels depending on their role. Likewise, adding an extra layer of authentication such as Two-Factor Authentication makes data much more secure than it would be behind a username and password.
Part of your strategy must include robust measures for data recovery in case of incidents or disasters. Make sure to set up a dedicated site for disaster recovery, and configure recovery procedures for multiple scenarios. Choosing a cloud disaster recovery solution is a critical decision that involves assessing various factors to ensure that the selected solution aligns with your business requirements and provides the necessary resilience.
With the cloud DR strategy almost complete, the next step is to make sure that it uses available resources efficiently. As the amount of data organisations generate and store grows rapidly, ensuring that your data protection process remains cost effective and efficient, is crucial. This is achieved by reducing the amount of data to be managed through technologies like deduplication, compression and bandwidth throttling, which are effective ways to reduce data redundancy and boost efficiency.
Finally, mock data recoveries should be run to ensure that the process works, and that the desired results in line with objectives can be achieved. It should be remembered that the worst time to find a gap in the defences is during an attack or system failure, so test runs are vital to identify bottlenecks and issues.
Including all of these steps will ensure a robust DR strategy, with resources in place to swiftly recover your data and resume operations in the event of a cyber attack or disaster.
More information at: www.nakivo.com.
Contact Details and Archive...