Disaster recovery in the cloud is misunderstood by many people outside the IT industry. Perhaps enchanted by the marketing hype of cloud vendors, the technology media hasn’t done a good job talking about the true resiliency of cloud platforms and the responsibility that businesses have in securing their cloud computing data.

37% of IT decision-makers feel that once a business has migrated to the cloud, its backup and disaster recovery programs can just coast by on autopilot.

This is not an assumption that any business should make lightly. Remember when the Amazon Cloud went down on December 7, 2021? That was a great indicator that the cloud, while an excellent tool for resilience, is not a bulletproof DR solution.

We’ve written on cloud outages before, but let’s look at the steps businesses should take to ensure that their cloud systems are prepared for reliability and resiliency.

The Shared Responsibility for Cloud Disaster Recovery

Disaster recovery for cloud or hybrid cloud infrastructure is ultimately a shared responsibility. The shared responsibility model (SRM) is a cloud security framework that outlines data loss prevention and cybersecurity, duties the provider and the end-user are responsible for handling.

While cloud providers play a significant role in ensuring the customer data they store is protected from danger, the end-user must also play an active role in safeguarding the data they place on those cloud servers.

Here’s what two of the major cloud vendors say about shared responsibility:

Microsoft: “For all cloud deployment types, you own your data and identities. You are responsible for protecting the security of your data and identities, on-premises resources, and the cloud components you control.” (Read more about Microsoft shared responsibility)

Amazon Web Service: “While AWS secures and maintains the cloud infrastructure, you (the customer) are responsible for securing everything you put in the cloud. This includes your data, the applications that you build, your configurations, and so on.” (Read more about AWS shared responsibility)

There’s a small variance in how each of the major cloud companies interprets the shared responsibility model, which means that you should carefully audit all your cloud applications during the disaster recovery planning and maintenance phases.

Some topics that you will likely be responsible for as part of the SRM include network controls, identity and access management, application configuration, and of course, the health of your data.

According to Gartner research, 99% of all cloud security failures through 2025 will be the customer’s fault.

Backup SaaS Data to Third Party Locations

Software as a service (SaaS) applications have become a core feature of many small and midsized businesses. According to the Blissfully 2020 SaaS Trends Report, the average 100-person company uses 185 unique SaaS applications, which now include ubiquitous software products like Microsoft 365 or Google Workspace.

But according to an ESG study, 33% of IT professionals feel that SaaS-based applications don’t need to be backed up, with 37% of those businesses relying on the SaaS vendor to do their backups for them. Most SaaS companies work under the shared responsibility model, just like AWS and Microsoft. That means they’re responsible for protecting the application itself, while you’re responsible for protecting the data contained inside.

Here are some questions to ask about fitting your SaaS applications into your BDR solution.

  • Does your current BDR system integrate with your important SaaS products?
  • Do you need to encrypt personally identifiable information (PII) that’s in transit to the backup site?
  • Have you classified the data assets in each of your SaaS products for low and high probability?

Backing up SaaS application data to your own private cloud storage environment, as opposed to a backup service, is a good idea for many types of organizations, especially those that house regulated data. The control that a private server allows makes it easy to capture information about who accessed data, what kind of device they were using, and their IP address to ensure robust data lineage.

Disaster Recovery in the Cloud – Beyond SaaS Backup

Popular platform as a service (PaaS) and infrastructure as a service (IaaS) services like AWS and Microsoft Azure have unique BDR requirements.

In most cases, BDR for IaaS is a relatively straightforward affair. Because IaaS services seek to create a faithful reproduction of the on-premise environment, integrating IaaS services into an existing disaster recovery plan isn’t typically very difficult. Make sure that your backup service has proper access to the IaaS platform, and without any major adjustments, it should be a relatively smooth transition.

Configuring platform as a service (PaaS) solutions like Microsoft Azure for disaster recovery is trickier. Businesses looking to secure their Azure deployment will want to familiarize themselves with the term “zone.” A zone refers to distinct, fault-isolated data centers that you can use as a destination to replicate important data. Configuring zones can provide added protection against natural disasters in one data center by “failing over” to a backup center in another region.

Due to the complexity involved, most small and midsized businesses who want to integrate these cloud platforms into a reliable disaster recovery program will enlist the help of an outside consultant.

Start with an Audit and Careful Planning for Cloud Data Protection

As always, the best way to ensure that your cloud computing platforms are well integrated into your disaster recovery strategy is to run an audit to gauge your risk tolerance and find gaps in your protections.

One area that you’ll want to include in your DR plan that you might have neglected is the importance of telecommunications. Your team relies on your telecom infrastructure to access cloud platforms. Even the best configured, most advanced cloud service is useless without them.

Commercial telecom solutions are different from residential telecommunications. They come backed with specialized service level agreements (SLAs) that clearly outline what degree of uptime and availability you can expect from your telecom provider and what sort of recompense you’re entitled to if they don’t live up to that agreement.

Businesses in industries like healthcare and finance, where downtime can cause immediate financial damage or loss of life, may even consider configuring redundant telecommunications.

Is Your Business Ready for the Next IT Disaster?

The Complete Network team has been helping businesses in Albany, Charlotte, Bluffton, and Savannah prepare for network downtime and disaster for nearly two years. If your team wants help clarifying your disaster recovery solution for the cloud age, we’re here to help. Contact us any time at 877 877 1840 or [email protected].

How To Supplement Your Internal IT Team.

In an ideal world, technology would be a consistent source of competitive advantage and benefit for small and midsized businesses. The reality is that many fail to realize that confidence.

Without the right resources and support, even a highly skilled technology team can become overwhelmed by the growing list of technology management duties. When important tasks get neglected, it creates ripple effects throughout an organization that damage productivity and efficiency.

The co-managed IT services model solves these problems by providing your existing IT team with all the support and resources they need to successfully plan, manage, and defend your network technology.

This guide covers:

  • • Aligning technology with business goals
  • • Reducing churn while preserving institutional knowledge
  • • Empowering your staff to maximize productivity
  • • Achieving the highest level of cybersecurity defense

Download it for free by filling out the form here.