BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Have you fully considered the impacts of backing up to the cloud? There are some solid financial and technical reasons for using the cloud as a resting place for your backups. For many organizations, the cloud is enabling new types of disaster recovery that were previously impossible. But there are many new factors to consider when you hand over responsibility for your backups. Some of the considerations are around cloud backup security. We must consider the confidentiality, integrity and availability of your data. These three considerations are often abbreviated as the security CIA.
The first cloud backup security consideration, confidentiality, usually boils down to encryption and encryption keys. With most cloud backups, your backup data will traverse the public internet. You need to have strong encryption in transit, as that is the only way to keep your data confidential. Luckily, Transport Layer Security (TLS) is a well understood standard for this transit. With good key management, your data will be confidential in transit.
But what about cloud backup security for data at rest? Again there are well understood encryption mechanisms for data at rest. Most cloud backups land on object stores and most of these will have encryption at rest. The important questions are: how strong are the encryption keys and who manages these keys?
No matter what the cloud provider does, you want your own strong keys. Ideally the keys would be managed by you and the encryption would happen before the data leaves your site. Then you send encrypted data over the TLS encrypted network and it lands on the cloud provider’s encrypted object storage. Make sure you plan for restore, particularly disaster recovery. You will need a copy of the encryption keys at recovery time. If the sole copy is a hardware appliance in the primary data center, and you lose it, you may have a big recovery problem.
With integrity, when you read back the data, is it exactly the same as when you wrote it? Did anything get corrupted? Most object stores have built-in integrity checks that provide extremely high levels of data durability. Also, encryption will return noticeably corrupt data if the encrypted data is even slightly corrupted. So it is unlikely that your data will lose integrity and it will be very visible if it occurs. But how are you going to recover? In some cases you will need to send the same backup data to two different locations to protect against data corruption at one place.
The third part of the CIA for cloud backup security is availability. Can I actually use the data that I put into the cloud in a timely way? If it is a backup, how long will it take to restore back to my site? If it is a DR copy, then how do I go about recovering the services when my site is lost? We tend to send backup data to the cloud slowly, over expensive network links. Usually, we stage the backup to local storage and stream it to the cloud location.
When we need to restore, the expensive network can prove to be relatively slow. If the restore is for compliance or e-discovery purposes, it often makes more sense to restore to another location in the same cloud. A terrifying consideration for availability is the continued operation of the cloud storage provider, or lack thereof. We saw Nirvanix go out of business a few years ago. Customers were left with only a few weeks to extract petabytes of data. If that data had legally mandated retention, then customers were in serious trouble.
The decision to use cloud storage for backups is often a tactical response to a storage crisis. Yet there are many design considerations and requirements that must be managed when cloud backup destinations are used. Ensure that adopting cloud storage for backup is a strategic decision and that cloud backup security is strong. Evaluate all of the consequences of handing your backups to a cloud provider.
Take a proactive cloud security approach
Improve security of cloud-to-cloud backup
Assess cloud backup security when evaluating service providers