alphaspirit - Fotolia

Q
Manage Learn to apply best practices and optimize your operations.

Does secure cloud backup exist and how can it be safer?

Despite ransomware and other attacks causing security issues, it is possible to institute safe cloud backup. Access control and testing are among the best practices to follow.

When the public cloud first appeared, security between tenants in a system was a major issue. Traditional noncloud vendors jumped on the opportunity to slam the cloud approach, but cloud service providers have proven that they have the resources and on-board expertise to make their environments secure.

But are these cloud backups as safe as the old tape in the salt mine approach? Let's break the secure cloud backup question into component risk vectors.

First, black hats trying to read stored data can be easily blocked. Most good backup software enables Advanced Encryption Standard-class encryption, with possible super-encryption in the manner of the Triple Data Encryption Standard. As long as the keys are kept within a very small group of the data owner's staff, the data won't be published by WikiLeaks.

Ransomware attacks, which render data inaccessible, are still an issue, though. A solution for secure cloud backup is to limit credentials to those administrators who work on the backups regularly and to keep an access log to spot anomalies in access, such as downloading critical files. With tight access control, ransomware has limited ways to get to the backup images. Deleting files is another form of attack, with the same antidote approaches as ransomware.

Making the backup repository read-only for existing content and enabling add-only for new content is one way to secure cloud backup and increase protection against ransomware-type attacks. This is write-once, read-only access. In other words, data in the backup archive cannot be overwritten, changed or deleted. If the ransomware black hat can't change the file, it should be very safe. This approach is similar to taking snapshots, and it creates the ability to roll back the archive to a point in time for a clean recovery.

But do risks still exist? The human factor should never be underestimated when trying to achieve secure cloud backup. For example, a coder might botch a revision of the backup code. You should therefore test all upgrades thoroughly and generally be conservative about making them happen.

Replication protection and geo-dispersion make the cloud seem foolproof against data loss, but it's a good idea to keep a second copy of the data and make it hard to open. This provides a fallback if all else fails.

Next Steps

Explore the CIA model for secure cloud storage backups

Protect your data in the public cloud

Guide to cloud backup best practices

This was last published in June 2017

Dig Deeper on Cloud backup

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

2 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

What is the biggest threat to cloud backup security?
Cancel
I was the co-founder and CEO of Carbonite, and in my experience by far the biggest risk of data loss is not intruders or system failures, but rather human error and to a lesser extent internal sabotage.  That's why many CIOs still rely on storing data on tape and then taking the tapes off-line.  WORM tapes have long been used to prevent accidental or malicious data deletion.  More recently Microsoft Gov Cloud and my new company, Wasabi, have introduced disk-based cloud storage with the option of immutable buckets that cannot be altered or erased, even by a system admin.  For backups that cannot be accidentally or maliciously destroyed, immutable cloud storage makes sense.  
Cancel

-ADS BY GOOGLE

SearchSolidStateStorage

SearchCloudStorage

SearchDisasterRecovery

SearchStorage

SearchITChannel

Close