With all the hacks and breaches that occur today, enterprises are reminded of the importance of cloud data backup...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Backup's purpose, in general, is to make a copy of important data and write it to a different media -- or different storage system -- than the data source. This prevents a hack from damaging both the original source and the backup data.
To meet that second media requirement, many organizations create backup volumes on a public cloud. However, if you also have source data in the cloud, a backup to the same public cloud carries risk; both the source and backup data can become compromised or unavailable, as some recent cloud outages have shown. However, large public cloud providers operate in multiple data centers, which enables users to geographically disperse their source and backup data.
There are also cloud data backup services that offer their own, separate cloud storage as a second form of media, as well as ways to back up data in one public cloud to another cloud platform.
Cloud data backup services on leading platforms
Google and Amazon Web Services (AWS) offer separate storage spaces for backup at a low cost. Google's Coldline offering is disk based, which makes data access quite fast. AWS's Glacier service uses tape libraries, with access to data typically taking one to two hours. Amazon says Glacier will move to disk, but some might argue that the tape delay is, in fact, a benefit for protection, since it delays hacker access to data.
Microsoft offers its own automated backup service, Azure Backup, which creates a Recovery Services vault for backed up files, but only within the same Azure region. While the tool is easy to use, this model does not meet the second media rule. To work around this, you can use a third-party backup tool integrated with, for example, Scality's portal from Azure to AWS Simple Storage Service (S3) object storage.
For many users, this S3 approach meets both the second media requirement and enables them to keep three copies of a backup, with one of them in a different location to provide disaster protection. As long as the data stored in the cloud object store is digested by a backup tool in another format, you can prevent data hacks on read contents -- assuming, of course, that the backup is encrypted with keys that are unique to the backup system. Don't use the same keys for the source data, and restrict key access to just a few authorized admins.
Even in this model, you still need to protect against malicious erasure of these S3 copies. To ensure stronger protection, use continuous automated backup coupled with perpetual storage. The latter should be an option in any backup storage tier in the cloud, and requires a human-human interaction or two-factor authentication to delete backup files. Packages like S3 Backup offer this.
Continual snapshots and other forms of automated backup
If you don't require the second media rule, continually snapshot the data flow to ensure protection. Continual snapshots are a form of perpetual storage, since all changes increase data volumes and nothing is erased or directly overwritten. Snapshots can slow performance, but they let you roll back data to any point in time -- something that is especially useful with ransomware attacks.
Google offers snapshots on its storage, while Nasuni provides a third-party option that works with the top cloud service providers.
After you set up snapshots, they require very little admin input, and recovery is fast. However, to maintain data access during an outage, implement these snapshots in different cloud regions and availability zones.
There are many third-party automated backup packages on the market, as well as backup as a service (BaaS) providers who offer backup on their own storage. The leading software packages, such as Commvault, CloudBerry, Nakivo and Druva, are all cloud data backup services that can operate in a hybrid environment. Veeam also offers N2W's Cloud Protection Manager as a backup tool for AWS. All of these packages enable you to set up backup sources and destinations, and then leave them to run on schedule. They provide data compression and encryption options, too.
Rubrik offers a BaaS tool, as does Unitrends, that also supports data migration between AWS and Azure. Migration to other clouds will become standard in these backup services in the near future, making that second media requirement easier to achieve.
Choose the best backup option for cloud apps
Don't overlook the importance of a backup strategy
Remember to test your cloud-based DR plan