Posts

Surprising Stats on Cloud Data Loss

Yes, you can lose data in the cloud!

Our friends at Backupify recently conducted a study, Protecting Data in the Cloud: The Truth About SaaS Backup, which revealed some very interesting results based on how IT perceives the safety and security of their cloud-resident data.

54% of IT professionals have implemented some form of SaaS applications

81% of IT pros that use or plan to use SaaS apps categorize the data stored in their SaaS apps as “very to extremely important”

52% of IT pros don’t currently back up their SaaS data (or even plan to)

79% of IT pros believe their SaaS application is being backed up by their solution provider

1 out of 3 companies using SaaS lose data

47% of SaaS data loss occurs from end-user deletion

17% of SaaS data loss occurs when an employee overwrites data

13% of SaaS data loss occurs when a hacker deletes data

47% of IT pros back up SaaS data with a manual export

15% of IT pros back up SaaS data with cloud-to-cloud backup

If you want to learn more about protecting your SaaS and cloud data, please send us a note.

Note: This post is based on a Backupify Blog Post, which you can see here.

 

Picking a Backup Solution is Missing the Point!

Data Protection
A 2013 study by The 2112 Group titled “”2013 State of Cloud Backup” found that small and mid-size interest in robust backup solutions more than triples after a significant data loss event, only 54% of SMBs felt that improved data recovery, business continuity, and IT reliability were sufficient motivators to deploy a new or improved solution.

Our perspective, is that focusing on backup misses the point entirely!

As we have blogged in the past: backup is easy; recovery is hard.  More accurately, the ability to recover and restore defines the value proposition.  Everything else about “backup” solutions — including the technology and methods — is irrelevant until you define the value of recovery and restore.

Stop thinking about Backup!  Instead, think about:

Continuity:  The ability for you company to continue to operate at an appropriately effective level during events that disrupt normal operations.   For some businesses, this means zero downtime.  For others, answering the phones and access to email may be sufficient for hours or days, or as an interim state until line of business systems come back online.  Still other businesses may need all systems up and running with 1 or 2 business days.

Recovery:  The ability to gain access to data and systems that became unavailable due to damage or failures.  Whether your disk array fails, a pipe bursts above your servers, or a virus eats through your files, recovery requires repair or replacement before systems and data can be restored.

Restore:  The ability to retrieve a prior version of data or a system.  Most restores are a result of user action or minor system issues.  How far back you need to go and the availability of past versions defines how long it will take to both retrieve the information and for the user to replace lost work, if any.  For some, a daily version meets the need.  For others, going back a day means resource-consuming rework so multiple versions each day are appropriate.

Focus on a building a Data Protection Solution and your required “Return to Operation” (RTO) time.  Remember that different parts of your business, different systems, may have different RTO requirements.

  • Assess your continuity, recovery, and restore needs and priorities
  • Understand the likely and not-so-likely risks to your systems and your business and create a “use case”.
  • Looking at each use case:
    • Identify changes to your IT infrastructure that could mitigate risk
    • Identify the type of solution that can provide the needed continuity, recovery, and restore services
  • Collate the use cases and solution types as your requirements

With requirements in hand, evaluating data protection solutions, technologies, and services becomes a manageable process.  Keep in mind, the data protection solution may include a mix of backup/restore, backup/recovery, archiving, disaster recovery, and other components.

 

Cloud File Sync & Sharing: Risks and Solutions (Part 3)

Secure Cloud
This blog post is the third in a series on the data risks and solutions available for file sync and sharing services.

In the first two posts in this series, we focused on some of the risks and basic concepts for file sync and sharing services.  In this post, we focus on ways to mitigate risks.

Provide Employees with an Approved File Sharing Service. As we have noted in our prior posts, if you do not provide an approved service, employees will sign up for and use one of their own.  The difference?  With an approved services, you have access to your employees’ data and clear ownership of the information.  You can also monitor and manage for adoption, usage, and (if desired) adherence to policies.

Have a Clear Policy. Let employees know that personal and company data and systems are to remain separate, and why.  Provide a list of approved file sharing and sync services, as well as a clear an concise statement which other services may not be used (i.e., all others) and why.  The policy should include consequences for violations, along with a means for approved exceptions.

Block or Blacklist Unauthorized Tools. For many organizations without decent web filtering services in place, this recommendation will be difficult to implement.

Audit Workstations for Unauthorized Use.  Beyond application monitoring, when you scan workstations for application inventories, look to see if sync service agents have been installed.

With a moderate planning effort and reasonable monitoring and enforcement efforts, businesses can take advantage of the conveniences that file sharing and sync services offer, without exposing data to unnecessary risk and loss.

 

Cloud Backup: Small Businesses Hesitate at their Own Peril

Cloud Backup
According to a recent survey of IT service firms conducted by The 2112 Group, small and mid-size businesses (SMBs with up to 250 employees) do not respond to most marketing efforts.  The lack of interest appears to be due to underlying concerns about data security, bandwidth, availability, and recurring costs.

Not surprisingly, SMBs become interested in cloud backup after a data loss or downtime. Having experienced disruption or loss, SMBs better understand the cost of a failed recovery compared with the cost of adequate protection.

Businesses that move to cloud backup sited their primary motivations as:

  • Improved data protection and business continuity (34%)
  • Better overall IT reliability (20%)
  • Reduced IT costs (16%)

The challenge for us, as a cloud solutions provider, is to meet our customers’ objectives while addressing issues of security, bandwidth, availability, and cost.

The challenge for SMBs, as our customer or prospective customer, is to recognize the value of cloud-based backup before a crisis.  And, understand that by offering a range of solutions, we can ensure data integrity while keeping costs in-line.

 

Cloud File Sync & Sharing: Risks and Solutions (Part 2)

Secure Cloud This blog post is the second in a series on the data risks and solutions available for file sync and sharing services.

Your employees are using file sharing services. Ignoring reality or denying its existence will not change the fact that today’s tech users want to easily share files, and that they will circumvent IT if needed.

Understand the Technology.  Many organizations are using file sync services to share and backup files.  A poor understanding of how file sync services, however, can result in data corruption and loss.

Sync Basics. Most sync services keep a copy of your files on your local machine and in cloud storage, with synchronization happening for files saved in specific directories on your local machine.  In other words, you open and work on files locally.  When you save them in a sync folder (or folder tree), the file will be synchronized with the version in the cloud.  Files may also be used and saved using more traditional upload and download techniques. If you share a file with another person, they will download, or sync, a copy of the file to their local desktop.  This means that if you both are editing a document at the same time, you are both working locally on different copies of the file.  While some sync services offer basic file locking, most will allow the conflict to occur.  Data may be easily lost as each person syncs and overwrites the changes of the other. Better sync services offer multiple level or permissions, allowing you to restrict access to view versus edit.  Some services will also prevent downloading and printing.

Sync versus Backup. File sync is NOT backup.  If you overwrite or delete a file, those changes are synced to the server and to other users.  While some sync services offer version control with a limited ability to retrieve prior versions, most sync services quickly propagate errors and deletions. As such, sync is not a reliable technology for data restores.

When to Sync? Sync and sharing services can be part of a robust business continuity strategy. With near-real time updates, a local or remote service outage does not mean loss of access to files, or loss of operating data. Sync and sharing services are also useful for sharing files with outside parties, provided your users understand the limitations of the service. If you allow the use of sync and share services, however, make sure your team is using a company-owned and managed account and a business grade service.  We will discuss why this is so critical in our next installment.

Previous Post in the Series

Cloud File Sync & Sharing: Risks and Solutions (Part 1)

Secure Cloud
This blog post is the first in a series on the data risks and solutions available for file sync and sharing services.

Your employees are using file sharing services. Ignoring reality or denying its existence will not change the fact that today’s tech users want to easily share files, and that they will circumvent IT if needed.

Failing to provide a secure, reliable service, puts your data — and your business — at risk.

Case Study 1: Inside Sales Disappear

An inside sales representative at a B2B industrial supply company was signing on new customers.  While the contract were all boilerplate, the rep use a personal Dropbox account to share them with customers for signature and to store them once signed.  After failing to be promoted, the rep quit the firm.  The company had no copies and no access to dozens of customer agreements.

Case Study 2: Order Management Gone Wrong

A customer service rep was using a personal file sharing service to send/receive credit card authorization forms with customers and, unintentionally, his family.  The company became aware of the problem (and PCI violation) when a customer called to inquire about an attempted electronics purchase the day after they had provided the form.  The rep’s teenage son had attempted to make an online purchase with “credit card number in Dad’s account.”

Case Study 3: No Backup = No Restore

A CEO recently contacted his IT department, asking that  they restore several critical files needed for a business meeting the next day, as he could no longer find them.  After searching several iterations of backups and audit logs, they informed the CEO that the IT team could not find any indication that the files had ever existed. The CEO had created the documents locally on his PC, then placed them in a personal file sharing service so that he could access them while traveling.  Without any protection, restoring the deleted files was impossible.

While these examples may seem extreme, if your employees are using personal, unsecured file sharing services, they may already be happening to you.

Back in September, we posted about the increasing problem of rogue cloud services.  Over the course of this series, we will look specifically at cloud-based file sharing services, their risks, and solutions that protect your data, your reputation, and your business.

Web Weary? Malware May Be the Reason

 

This blog post is the third in a series on Data Protection issues and practical solutions.

Mag_GlassBy some estimates, as many as 60% of search results are tainted with malware, attracting users to infected sites and putting your systems and data at risk.  While not every infection poses a threat, the industry consensus remains that web-resident malware is on the rise.

The problem is large enough that Google Chrome users now receive warning screens, letting users know when legitimate sites have been compromised.  Google has also launched a service to help hacked web sites recover, and regain users’ trust.

While web site owners struggle to keep web sites free of malware, visitors remain vulnerable.

Fortunately, businesses can protect themselves.

Web monitoring and filtering services offer protection from malicious code embedded in web sites and allow businesses to track web activity across their networks.  Advanced web filtering services also help business manage the use of web-based applications and can monitor other web activity.

Incorporating web monitoring and filtering into your computing environment adds an additional layer of data protection.  In addition to protection from malware, web monitoring and filtering gives businesses additional control over web usage and provides a mechanism for enforcing policies and procedures.  And, for most businesses, the value of this protection should outweigh the additional cost.

 

 

Viral Spread of Cloud Creates New Challenges


This blog post is the second in a series on Data Protection issues and practical solutions.

Data Protection SeriesAs discussed in a recent TechRepublic Blog Post, cloud computing vendors are enabling the spread of on-demand software outside the control of the IT Department.

It is easy to see how it happens.  Somebody signs up for a service in order to complete a task that they cannot (or do not know the can) do with their current system.  They share the solution with co-workers, and, before you can say monthly recurring fee, the company must decide if this new tool is a de facto standard and should be included in the formal IT ecosystem.

Aside: On the one hand, shame on the users for not asking first.  On the other hand, shame on IT for not understanding the users’ needs and providing solutions with either current or new technologies.

The challenge becomes managing these services and making sure they are secure.  Beyond deciding who, why, and when services may be used, these services may create real security risks.

In the Google Apps environment, users can install any one of hundreds of third-party applications, many of which request and require access to user data.  While most applications only request and use the access they need, many request permissions that can inadvertently expose critical data such as sensitive documents and contact information.

Solutions

To mitigate these risks, it is important for the IT team to review and evaluate all new applications and companies should have policies through which they can enforce this rule.  In return, the IT team must be held accountable for responsiveness.

In addition, it is wise to monitor your environment for new software.  For you in-house systems, free tools like Spiceworks, will update you with scheduled scans of all systems.

Within your Google Apps ecosystem, Cloudlock App Firewall, provides you with the ability to both monitor and manage which applications are running in your environment.  The App Firewall reports the level of data exposure by application and reports applications added by user and well as by application.  You can mark applications as approved, blocked or not trusted.  You can revoke permissions, effectively disabling applications as well.    The system also provides guidance, letting you know how other companies have rated applications.

Conclusion

While users will continue to look for apps, the IT team can and should be ahead of the curve.  Additional tools, however, can help monitor and manage applications, which will mitigate risk, enforce company policies, and meet regulatory requirements for data protection.

 

For more information about Cloudlock App Firewall, please contact us.

3rd Tues @ 3 Webcast: Protecting Data in Google Apps

 

For those running or considering Google Apps, Google’s highly redundant, multi-tenant infrastructure protects data from nearly all risk of loss or corruption due to hardware or system failure.  Understanding the other risks to our data lets us decide when and how to better protect ourselves.

In this live web event, Allen Falcon, CEO of Cumulus Global, will discuss the business risks and use cases that drive the need for data protection and data loss prevention and will look at practical, affordable solutions.

Joined by experts from Backupify and Cloudlock, Falcon will overview and demonstrate affordable solutions for creating a secure and protected data ecosystem using Google Apps and Google Drive.

And, as always, there will be plenty of time for your questions.

Click Here to Register or for More Information.

 

Cloud Security Focus Shifts to Data Protection


This blog post is the first in a series on Data Protection issues and practical solutions.

When companies began moving to cloud computing solution, a great deal of time and anxiety was spent on security.  For most considering the move, the questions were basic: Will my vendor access my data?  Will my vendor prevent unauthorized access to my data? How secure is my connection to my data? With the maturing of security standards (SSAE-16, ISO 27001, FISMA, and others), these fundamental questions are less of a concern to most businesses.  Top tier providers not only create secure infrastructures, but build commitments to customer data security and integrity into their contracts, Terms of Service, and Service Level Agreements, or SLAs. That said, security in the cloud requires thought and planning.  In addition to basic access concerns, organizations need to be as vigilant with cloud-based data as they are with in-house data when it comes to data integrity, exposure, and loss prevention.  Holistically, the focus should be “Data Protection”. As we look at Data Protection in this blog series, we will focus on the areas of greatest risk to your data:

  • User Identity and Account Security
  • User Actions — accidental and malicious
  • Data Leaks /Permission Errors
  • Mal-ware
  • Rogue Applications

For each of these issues, we will look at how the risks change (or not) when data is in a public cloud service, as well as practical solutions for mitigating the risks.

library

Nothing Found

Sorry, no posts matched your criteria