Recently, evangelizing virtualization and cloud infrastructure saw me speaking to an organization IT head who seemed to have the most insidious idea that by moving to the cloud, companies won’t ever have to worry about IT issues ever again. Various other chats reveal that people have somehow gotten into their minds that since their data or their servers or their applications are somewhere else, all their conventional technology issues are magically solved: cloud providers will back up the data, update software, deal with security issues, and so on. I hate to break it to you bud; nothing could be further from the truth.
For every layer of the cloud (Infrastructure-as-a-Service, Platform-as-a-Service or Software-as-a-Service), the limits of the responsibility of the provider are clearly defined. In the case of infrastructure (IaaS), this limit is the hardware environment: the provider will guarantee network and hardware availability, and nothing else. Any other functionality is the sole responsibility of the user. You must set up backup for your servers, define and enforce any security policies, keep the systems updated, and do any other conventional server management task.
On the platform layer (PaaS), their responsibility is expanded: vendors offer a computing platform, roughly equivalent to an operating system, on the cloud. Their responsibility, therefore, goes as far as the functionality they make available. If you’re using a platform’s storage services, they will take responsibility for the availability of the data, replicating it as necessary, as well as for the performance of storage operations, and so on.
Finally, on the software-as-a-service layer (SaaS), vendors will take full responsibility for the entire application environment. This means not only the availability of the application and the underlying data, but also all the necessary infrastructure to make sure that they don’t lose your data, are hacked, or suffer any other issues that compromise your ability to access and operate the software.
Be that as it may, recent data breach incidents have proven that no datacenter is out of reach. Hence,organisations should get serious about their backup and restore process.Assuming someone else is backing up for you is a sure recipe for disaster.Some of the most notable incidents of 2012 were:
- Global Payments (credit card processing), had hackers gain access to 1.5 million credit card numbers
- LinkedIn had 6.5 million hashed passwords stolen and published online
- eHarmony had 1.5 million passwords swiped
- Yahoo had nearly half a million usernames and passwords compromised
- New York State Electric and Gas had 1.8 million customer records hacked
- Zappos had upwards of 24 million shoe-buyers impacted by a data breach
- U.S. Army records for 36,000 military personnel were hacked
While the security implications of data breaches are clear, and tremendous damage was done, we also know that most compromised records were not lost. Hackers don’t generally destroy data. For the most part, they copy and keep the data they’re interested in exploiting for future gain.
But that’s not always the case, as we learned when Wired writer Mat Honan had his accounts, which had been backed up to the cloud, hacked and deleted. As a result, Honan lost all of the data on his smartphone, tablet, and laptop – all of his e-mails,contacts, documents, and most unfortunately, the photos that recorded the first year in the life of his daughter.
What made the Honan case particularly compelling is that Mat, just like many of us, assumed that he was covered by having multiple copies of his data. Between his smartphone, tablet, and laptop, he had layers of data storage duplication. On top of this he assumed that by backing up to the cloud he was safe. Who would think to ask if the cloud itself is backed up?
A wise college professor once told me; "To get new ideas, read old books", thinking of a solution to this tech quagmire takes me back to my college Sophomore year; organizations shouldn't break from the classic Father-Grandfather- Son backup strategy even whilst enlisted in a cloud service. the surefire way to protect your organization's data(whether you adopt a public cloud, private cloud or hybrid infrastructure) is to take responsibility for your own backup.
Whether you do it yourself or use a backup as a service (BaaS) strategy, the time to implement your backup strategy is now!
For the love of Technology
As a friend of mine cared to remind me;The content above is simply "my opinion" to be weight alongside varying opinions and the facts therein.