How to Protect Data in the Cloud

Recently, a shocking incident highlighted the critical need for robust backup and disaster recovery strategies. Google Cloud accidentally deleted UniSuper's account due to an unprecedented configuration mistake. This incident, involving a major cloud provider, resulted in significant disruption for the Australian insurance company managing over $125 billion in funds and serving more than 600,000 customers. Fortunately, UniSuper had a solid backup strategy in place, enabling them to recover within a week and save their business from potential disaster.

This incident underscores the importance of having a comprehensive plan to protect against data loss and ransomware attacks. Improper architecture and insufficient risk mitigation measures can lead to catastrophic data loss and customer erosion. Trusting even a reputed cloud provider without a contingency plan can be perilous, given the evolving threats of malware, ransomware, business rivalries, data theft, supply chain attacks, and natural disasters.

Designing a Resilient IT Infrastructure

A resilient IT infrastructure is crucial for businesses of all sizes. Here are key strategies to consider:

1. Infrastructure Automation: Automate everything possible using Infrastructure as Code (IaC) and GitOps principles, with zero-touch deployment and self-healing mechanisms.
2. Segmentation: Maintain clear separation of environments and logical entities within those environments to minimize risks.
3. Principles of Least Privilege and Just-in-Time Access: Limit access rights for users to the bare minimum necessary and grant elevated privileges only when absolutely necessary.
4. Hybrid Approach: Employ a multi-cloud or hybrid approach, combining on-premises and cloud solutions to enhance availability and resilience.
5. Strong Governance, Processes, and Documentation: Implement stringent governance and maintain thorough documentation of processes.
6. Diligent Review of Changes: Ensure all changes are reviewed meticulously, tested in non-production environments, and automated for deployment.
7. Solid Backup and Disaster Recovery Procedures: Regularly test backup and disaster recovery procedures to ensure their effectiveness.
8. Secure Backup: Last but not the least, the backup should be encrypted at rest and transit.

The 3-2-1 Backup Strategy

One of the most reliable backup strategies is the 3-2-1 backup strategy. This approach involves maintaining three copies of critical data: two offline and one remote. Let's delve into the details:

Offline Copies (2)

The first two copies are stored on separate devices or media, such as:

• Additional Hard Drive: A extra hard drive that can be easily taken offsite.
• Tape drives: Multiple copies of media containing the same data, stored in different locations.

These offline copies are crucial for protecting against physical damage, theft, or loss. For instance, if a natural disaster destroys your primary storage, having two offline copies ensures data remains intact.

Remote Copy (1)

The third copy is stored in a remote location, such as:

• Cloud Storage: Services like Amazon S3, Microsoft Azure Blob Storage, or Google Cloud Storage.
• Offsite Data Center: A secure facility that stores backup data and provides 24/7 access.

This remote copy ensures data protection against physical damage, theft, or loss at the primary storage location. For example, in case of a fire at your office, a remote copy guarantees data safety.

Benefits of the 3-2-1 Backup Strategy

The 3-2-1 backup strategy offers several benefits:

• Data Protection: Multiple copies of critical data protect against loss or corruption.
• Business Continuity: In the event of a disaster, multiple data copies enable quick recovery and minimize downtime.
• Compliance: Adhering to regulatory requirements for data backup and storage becomes easier with this strategy.

Implementation Steps

To implement the 3-2-1 backup strategy:

1. Identify Critical Data: Determine which data is most critical to your business operations.
2. Choose Storage Options: Select suitable storage options for each copy, considering factors like capacity, accessibility, and security.
3. Schedule Backups: Set a regular schedule for backing up data to ensure all copies remain up-to-date.
4. Test Restores: Periodically test restoring data from each copy to ensure the process is successful and efficient.

Conclusion

Mistakes happen, and it's impractical to blame anyone. Instead, focus on setting up measures to prevent recurrence. A thorough review, audit, and preparation against potential failures is the best strategy to avoid such incidents and mitigate risks. Robust backup and disaster recovery strategies are not just an option but a necessity in today's threat landscape. Google cloud shared the details of the incident along with the learnings which strengthen the idea of robust backup and risk management.

Some of our clients [case study] are protecting against such threats using cloud native backup and disaster recovery products like Kasten or Velero. Our team has been helping our clients with audits, implementing backup and DR solutions and doing the DR tests. Reach out to us to discuss further.