Cloud data backup services minimize outage, security risks

Cloud data backup services on leading platforms

Google and Amazon Web Services (AWS) offer separate storage spaces for backup at a low cost. Google's Coldline offering is disk based, which makes data access quite fast. AWS's Glacier service uses tape libraries, with access to data typically taking one to two hours. Amazon says Glacier will move to disk, but some might argue that the tape delay is, in fact, a benefit for protection, since it delays hacker access to data.

Microsoft offers its own automated backup service, Azure Backup, which creates a Recovery Services vault for backed up files, but only within the same Azure region. While the tool is easy to use, this model does not meet the second media rule. To work around this, you can use a third-party backup tool integrated with, for example, Scality's portal from Azure to AWS Simple Storage Service (S3) object storage.

For many users, this S3 approach meets both the second media requirement and enables them to keep three copies of a backup, with one of them in a different location to provide disaster protection. As long as the data stored in the cloud object store is digested by a backup tool in another format, you can prevent data hacks on read contents -- assuming, of course, that the backup is encrypted with keys that are unique to the backup system. Don't use the same keys for the source data, and restrict key access to just a few authorized admins.

Even in this model, you still need to protect against malicious erasure of these S3 copies. To ensure stronger protection, use continuous automated backup coupled with perpetual storage. The latter should be an option in any backup storage tier in the cloud, and requires a human-human interaction or two-factor authentication to delete backup files. Packages like S3 Backup offer this.

Continual snapshots and other forms of automated backup

If you don't require the second media rule, continually snapshot the data flow to ensure protection. Continual snapshots are a form of perpetual storage, since all changes increase data volumes and nothing is erased or directly overwritten. Snapshots can slow performance, but they let you roll back data to any point in time -- something that is especially useful with ransomware attacks.

Google offers snapshots on its storage, while Nasuni provides a third-party option that works with the top cloud service providers.

Snapshots can slow performance, but they let you roll back data to any point in time -- something that is especially useful with ransomware attacks.

After you set up snapshots, they require very little admin input, and recovery is fast. However, to maintain data access during an outage, implement these snapshots in different cloud regions and availability zones.

There are many third-party automated backup packages on the market, as well as backup as a service (BaaS) providers who offer backup on their own storage. The leading software packages, such as Commvault, CloudBerry, Nakivo and Druva, are all cloud data backup services that can operate in a hybrid environment. Veeam also offers N2W's Cloud Protection Manager as a backup tool for AWS. All of these packages enable you to set up backup sources and destinations, and then leave them to run on schedule. They provide data compression and encryption options, too.

Rubrik offers a BaaS tool, as does Unitrends, that also supports data migration between AWS and Azure. Migration to other clouds will become standard in these backup services in the near future, making that second media requirement easier to achieve.