Data protection in the cloud: 3 best practices
The “Global DataSphere” is exploding in size. IDC predicts that by 2026, the amount of data in the world will have doubled again. While most enterprises have digitised their operations, they continue to add more strategic workloads and create more and more data. So, as the amount of data enterprises have to deal with grows exponentially, moving to the cloud based on an elaborated strategy offers significant benefits like scalability, flexibility and cost-effective storage.
But can this go on forever? Gartner expects total worldwide end-user spending on public cloud services will reach a record $592 billion this year, a 21 per cent increase from 2022. This rapid level of growth and migration raises some concerns at an enterprise level, with fast “lift and shift” migrations meaning best-practices for modern data protection aren’t followed. The Cloud security alliance (CSA) reported that 96% of companies say they have insufficient security for sensitive cloud data – so across the board we have a long way to go on this journey. Here are three best practices for enterprises to protect their data in the cloud.
When brought together, the amount of data kept by most enterprises, whether it was migrated over from on-premises or originally stored in the cloud, is vast. Humans are natural hoarders, and the digital world is no exception. While the “virtual garage” of the cloud can store endless boxes of data, locating everything is only half the battle. In order to know what data is mission-critical and sensitive, you’ll need to classify it. Automated data classification engines can help you sort through and organise – so you’re not blindly trying to protect everything to the nth degree. Once you know exactly what you have stored on the cloud (and where) only then can you start looking at how this data is secured.
As organisations face a fairly low barrier of entry to move data to the cloud, teams may not have prioritised the security and network processes that are required – if the migration happened too fast this can easily be the case. Similarly, because the cloud is a completely different environment to secure, things are often missed – there are lots of new service types that don’t always exist on-premises and many of these need to be protected and recovered in the case of attacks or outages. Examples of these include code in cloud storage, applications that leverage other cloud services and APIs provided in the cloud.
In practice, this means enterprises need to ensure they have backups of all critical and sensitive data stored in the cloud in case of breaches or outages. The best practice is to have multiple backups in different locations (e.g. one on-premises as well as a cloud copy) and have copies of data across different mediums, with at least one copy being kept offsite, offline and immutable – even better yet, all three.
The other core security responsibility that lies with the enterprise is controlling access and privileges. If every user of your cloud has access to God Mode, any breach is going to be devastating. Likewise, if you’re using a single account to do multiple different functions like protection and provisioning. The best practice is to ensure multiple accounts are used across the business, using access and identity management correctly across accounts and subscriptions so you can easily remove the failure domain in the case of a security breach. At a user level, ensure the principle of least privilege is being followed across the cloud environment so that people only have access to the resources and environments they need.
Ensure you have a proper data life cycle process. Without it, the good work done initially will become ineffective and expensive over time, with the business paying to store and protect the wrong data in the wrong ways. Data needs to be on the right storage platform in the cloud – and this will change during its lifecycle. For example, it might move from block resource to object storage to archive storage. The costs associated with these are variable, so make sure you’re not storing (or backing up) data in inefficient ways.
This is one small part of avoiding eventual “bill shock” for cloud computing and storage costs. Beyond simple data, costs are API costs, data egress (transfer) and more. I always recommend enterprises have an established “cloud economic model” that they follow to prevent costs from piling up and ensure spending matches expectations. To use a real-life analogy, if you leave a light on or forget to cancel a subscription you no longer use, your monthly bills will be higher than expected. If this happens across an enterprise cloud environment, the total tally can be eye-watering.
As enterprises’ (and the world’s) amount of stored data continues to grow over the next five years, the cloud is going to be a vital piece of the puzzle in managing this. Enterprises need to look beyond just storing and protecting their data and look at ways to utilise it and unlock value for their business and their customers. Doing this requires re-factoring for greater agility, but this will also mean the business is prepared for the ‘whatever’. Cloud computing is nothing if not dynamic, and will continue to evolve, with best practise bound to change. If enterprises become data-centric now, both on the cloud and on-premises, they’ll be ready for whatever the future throws their way.
By Rick Vanover – Senior Director, Product Strategy, Veeam
Add Chart to Comment
We encourage you to use comments to engage with users, share your perspective and ask questions of authors and each other. However, in order to maintain the high level of discourse we’ve all come to value and expect, please keep the following criteria in mind:
- Enrich the conversation
- Stay focused and on track. Only post material that’s relevant to the topic being discussed.
- Be respectful. Even negative opinions can be framed positively and diplomatically.
- Use standard writing style. Include punctuation and upper and lower cases.
- NOTE: Spam and/or promotional messages and links within a comment will be removed
- Avoid profanity, slander or personal attacks directed at an author or another user.
- Don’t Monopolize the Conversation. We appreciate passion and conviction, but we also believe strongly in giving everyone a chance to air their thoughts. Therefore, in addition to civil interaction, we expect commenters to offer their opinions succinctly and thoughtfully, but not so repeatedly that others are annoyed or offended. If we receive complaints about individuals who take over a thread or forum, we reserve the right to ban them from the site, without recourse.
- Only English comments will be allowed.
Perpetrators of spam or abuse will be deleted from the site and prohibited from future registration at Investing.com’s discretion.
Drop an image here or Supported formats: *.jpg, *.png, *.gif up to 5mb
Drop an image here or