Why back up the Cloud?
The introduction
Always back up your data, even if it is in the cloud. The 3-2-1 rule of data protection says: keep three copies of your data, on two different media, one of which is located offsite. When your primary storage is cloud storage, you still need to follow the rule. This fact is often overlooked by many companies and individuals.
With the rapid pace of technology evolution and data growth, businesses of all sizes are moving their traditional IT architectures to the cloud. Meeting business needs forces companies to connect their IT infrastructures to the cloud. This brings efficiency and scalability to business processes, but with more business-critical data being collected, analyzed and stored in the cloud, new security issues emerge. Although migrating to the cloud is fast and affordable, companies should review their security policies and data backup strategy to ensure that the cloud as primary storage is protected and data can be restored.
This paper examines threats and solutions for critical data stored on IaaS (not SaaS or PaaS) platforms such as Amazon Web Services (AWS), Windows Azure and Google Cloud Platform.
Guaranteed 99.99% uptime and geo redundancy
If you consider the biggest players in the cloud market, chances are that their backend infrastructure is far more sophisticated than the traditional on-premises IT infrastructure in your company. Cloud infrastructure is designed to protect the service from any kind of disaster and deliver 24/7 availability.
However, you are unlikely to find any terms in the service agreement that guarantee protection of users’ data or content. You are still responsible for your own data: for maintaining backups of your data, archiving and keeping access to your account secure. In other words, your data is still at risk of being lost due to software corruption, hacker or insider attack, user error and hardware failure at the cloud provider, e.g. storage node failure.
What can happen to data in the cloud?
Most of the cases below are data corruption caused by human interaction. You clicked the wrong button, uploaded old files, or fired an admin who still has access to the account and deletes all the data. The cloud provider usually does not guarantee any backups of your data. Here is what can happen to your data:
Hacker attack. No matter how secure you think you are, authentication is always the area of exposure that can compromise secure data storage. Once an outsider is authenticated into the cloud, he has access to the data stored there.
User error. Incompetence that leads to data loss, accidental deletion or other mistakes.
Malicious insiders. When senior staff quit or get sacked, these people tend to retain some corporate secrets and other classified information that might be used against your interests in the future. If they feel they have been mistreated, underappreciated or unfairly offended, they may abuse their knowledge to harm your assets, including gaining access to online storage and erasing its data. It is always advisable to change your account passwords regularly, especially when key personnel lose their jobs.
Hardware failure. 99.99% uptime and secure access are great, but when it comes to the data, usually there are no SLAs provided. Yes, even the most robust infrastructures may suffer from an admin error or a hardware error on the backend. You may read posts like: “I've lost all my data on my EC2 since the issue in Ireland. And no snapshot have been created. So my site is totally down. Help!” You are responsible for properly configuring and using the cloud service and taking your own steps to maintain appropriate security, protection and backup of your content.
Here are a couple of real-life scenarios:
Hacker attack puts Code Spaces out of business.
“The company has suffered a complete data loss and has been forced out of business by an attacker that gained access to their Amazon EC2 control panel and deleted all the EBS snapshots, S3 buckets, AMI's, some EBS instances and several machine instances”.
Source: http://www.codespaces.com/
You can read more: https://forums.aws.amazon.com/search.jspa?q=lost+data&x=0&y=0
While updating the website, an admin mixed up the production and test instance windows and ran a query that erased the critical table.
After rebooting the EC2 instance, almost 99% of the data on the mounted EBS block is lost. The MySQL database files were on the EBS block and those are lost as well. EBS instance retired with all data gone.
How to protect cloud data?
Remember the 3-2-1 rule described at the beginning of the paper? You need to consider standard backup practices for cloud data storage to ensure data protection. As always, data protection comes at extra cost and you need to choose the tactics that best suit your RTO and RPO needs. Here is what you can do:
Cloud backups
Cross-account cloud backup. Back up your data to another storage bucket with a fixed geo location in another country. This is not ideal, but it allows you to stay within one cloud vendor and avoid extra access/configuration hassle.
Cross-provider cloud backup. With a different cloud provider, you get the advantage of a completely separate infrastructure with its own access rights and availability guarantee.
Offline backups
Cloud to local backup. Make sure that you do have a copy of your backups offline, with no access from the internet. This is one of the use cases for tapes.
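The three tactics above, together with the 3-2-1 rule, can be checked mechanically against a backup inventory. The following is an added example, not part of the original paper or of any CloudBerry product; the Copy record, the audit function, the account and region names, and the reading of "offsite" as a different provider or region from the primary are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    name: str
    provider: str  # "aws", "azure", "local", ...
    account: str   # credential boundary: whoever holds it can delete the copy
    region: str
    media: str     # "block", "snapshot", "object", "tape", ...
    online: bool   # reachable over the internet

def audit(copies):
    """Return findings for an inventory whose first entry is the primary copy."""
    if not copies:
        return ["no copies at all"]
    primary, findings = copies[0], []
    if len(copies) < 3:
        findings.append("3-2-1: fewer than three copies")
    if len({c.media for c in copies}) < 2:
        findings.append("3-2-1: fewer than two media types")
    # Assumption: "offsite" means a different provider or region than the primary.
    if all((c.provider, c.region) == (primary.provider, primary.region) for c in copies):
        findings.append("3-2-1: no copy outside the primary's location")
    # One compromised login must not be able to delete every copy.
    if len({(c.provider, c.account) for c in copies}) < 2:
        findings.append("cross-account: one account controls every copy")
    if len({c.provider for c in copies}) < 2:
        findings.append("cross-provider: every copy depends on one provider")
    if all(c.online for c in copies):
        findings.append("offline: every copy is reachable from the internet")
    return findings

# Constructed inventories; account and region names are placeholders.
SINGLE_ACCOUNT = [
    Copy("ec2-volume", "aws", "prod", "eu-west-1", "block", True),
    Copy("ebs-snapshot", "aws", "prod", "eu-west-1", "snapshot", True),
    Copy("s3-bucket", "aws", "prod", "eu-west-1", "object", True),
]
SEPARATED = [
    Copy("ec2-volume", "aws", "prod", "eu-west-1", "block", True),
    Copy("s3-backup", "aws", "backup", "us-east-1", "object", True),
    Copy("blob-backup", "azure", "backup", "westeurope", "object", True),
    Copy("tape", "local", "vault", "office", "tape", False),
]

if __name__ == "__main__":
    for label, inv in (("single account", SINGLE_ACCOUNT), ("separated", SEPARATED)):
        print(label, "->", audit(inv) or "no findings")
```

The single-account inventory has three copies on three media and still fails four checks, because one login in one region controls all of them.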
Access policy
CloudBerry Backup solution
Recognizing the power of cloud storage and striving to make its usage more convenient, reliable and secure, CloudBerry Lab offers a simple yet efficient solution for inter-cloud backups and inter-cloud-to-local storage replication. The solution features the following capabilities:
Cross-account data duplication inside a single service provider
If Amazon Web Services is selected, the CloudBerry Lab solution needs to be installed on a target EC2 host, which will be used as the primary node from which the backup data will be copied to the secondary account. The data is first sent to the machine running the CloudBerry software and then seeded to the destination account. If the duplication is performed via a local machine, the process will take much longer because it will involve external traffic.
[Diagram: Amazon EC2, Amazon S3, Amazon S3]
Data duplication across several cloud storage services
With CloudBerry Backup, the data residing on the servers of one provider can be replicated on the storage platform of another provider, for example AWS-based data sent to Azure. To achieve optimal performance, the server of a primary provider should be used as an intermediary node when transmitting data to the backup account.
Local storage mirroring
[Diagram: Amazon EC2, Amazon S3, Blob Storage]
GETTING STARTED
To learn how CloudBerry Lab products can help you optimize your storage operations and protect data by using several backup destinations, download this trial copy of CloudBerry Backup and improve your security stance today!
CONTACTS
Website: http://www.cloudberrylab.com/
E-mail: [email protected]