When data security is ranked as the leading challenge facing organisations that access and maintain data in cloud environments (above cost, complexity and lack of expertise), you know there’s an issue.
It’s one thing to rely on the standard backup and recovery tools available from a public cloud service provider (CSP), but what happens when most Australian organisations use three public CSPs on average? How do you juggle using three sets of tools effectively?
In truth, we believe you can’t – and you shouldn’t. Not if you value your business, and your data.
Why aren’t public CSP in-built tools enough to ensure cyber resilience?
While turning to a CSP’s in-built tools may appear to be a logical and cost-effective decision, they tend to offer only a basic level of coverage against the global flood of cyber-attacks, data theft and application outages. In addition, CSP backup and recovery offerings cannot scale, fully protect, or provide you with a unified view of your data across all your cloud environments.
With cyber resilience the new business imperative, it’s not a matter of safety in numbers. Having three times the tools doesn’t equate to three times the protection. Taking a fragmented approach to protecting your multi-cloud environment increases the opportunity for gaps to form in your security, backup and recovery efforts. As a consequence, organisational and reputational risk goes up – not down.
More frequent use of CSP tools is also associated with more operational downtime related to outages, application failures, human error, and even natural disasters. Despite 53% of Australian organisations agreeing that relying solely on CSP backup and recovery tools puts their organisation at risk, 55% use CSP tools all the time.
The only way to confidentially mitigate the impact of costly assaults on your multi-cloud environment is through third-party protection.
When it comes to CSP responsibility, you don’t likely know what you don’t know
Perception is a wonderful thing. But unfortunately, while you’d imagine that your CSP is responsible for protecting your data, that’s not the case.
Digging into the fine print of your end-user licensing agreement usually unearths that the CSP is only responsible for protecting the infrastructure, and that you are entirely responsible for protecting your data and workloads in that cloud environment. So, the offer of standard backup and recovery tools doesn’t even begin to cover your back – and your data – in case of a cyberattack. Times three.
Even using Microsoft or Office 365 doesn’t guarantee that your data is backed up in the cloud. Office 365 takes a shared responsibility approach. While they may store it, it’s your responsibility to control and protect it.
In our recent paper (2022 Research Report on Securing Your Enterprise in a Multi-Cloud Environment), we identified that 96% of Australian organisations didn’t realise who was responsible for what.
This brings us to the big question…
How can you be cyber resilient if you don’t have a handle on your cloud environments?
When you follow best practices for backup, data protection and disaster recovery, you are more cyber resilient. Best practice includes having a “3-2-1” backup strategy – one primary backup and two additional copies of their data, using at least two different storage mediums, with at least one copy offsite.
Backup timing is also critical – and this depends on what you’ve identified as your RPO (recovery point objective). For example, if you’re only taking data snapshots every 12 hours, can you afford to be without that data from 11hrs 45mins ago? Mission-critical data that hasn’t been backed up for more than 12 hours is more likely to be permanently lost in case of a ransomware attack or server failure. Yet, only 10% of Australian organisations are committed to continuous data backup, while 45% back up their data less frequently than every 12 hours.
While that ‘may’ work for some businesses, it certainly doesn’t for others. A case in point is law practice Colin, Biggers & Paisley, who says, “Losing even an hour of productive time costs a firm a great deal, and legal work never stops. It’s around the clock.”
Colin, Biggers & Paisley are just one of many Australian organisations that opt for solutions like Veritas NetBackup to ensure they are actively cyber resilient across single or multi-cloud environments. Such is the reliability of their Veritas backup and disaster recovery system that Colin, Biggers & Paisley proudly present the results of their twice-yearly data backup and DR audits to potential clients as a benefit of engaging with them.
In partnership with