Cloud Providers and the Safety of Your Data
Introduction
The core advantage of the cloud for a small business is that many IT management tasks, formerly handled by each individual business, can be handled at scale now by a third party. These tasks include purchasing and maintaining server hardware, managing server operating systems, and purchasing and installing the application software that enables your users to get their work done. If you've gone all-in on the cloud, you no longer worry about keeping your server room cool, a power outage crashing your systems, fixing failed components or vexing software problems, applying patches, or when to upgrade when your servers get too old.
Your data, however, is still entirely your responsibility. Cloud-based platforms and applications provide the tools to create and edit documents and spreadsheets, sort and archive e-mail, generate reports from databases, create virtual machines, manage application code, and manage permissions. But it's still on you to do it. Not only will cloud services providers not manage your data and sharing settings for you, in most cases they legally can't.
The threats of unauthorized access, accidental or malicious erasure or corruption, or loss due to hardware failure, and the means by which these threats may be realized, are all still there. In fact, these can be even greater in the cloud. Here are four reasons why:
- Since cloud computing involves renting storage, your service usually includes mechanisms, which wouldn't exist on your own equipment, to automatically delete data after a period of time. Most commonly this happens when your administrator deletes a user without considering how the cloud service handles the e-mails, files, or other data that are tied to that user.
- Cloud applications work differently from desktop file sharing and e-mail applications, and functionality can change, outside your control, as the service provider implements improvements to stay ahead of the competition. As a result, users are more likely to accidentally wipe out data just by doing their regular work, and sometimes, surprisingly, it is not recoverable.
- Cloud systems are designed for easy and broad access. Because of this, it can take more effort for your administrator to limit access than was required with on-premises applications. If anything is overlooked, you may have a number of people able to access your files that you are not even aware of, let alone approve.
- Because of the potentially greater likelihood of misconfiguration of cloud applications, and since cloud systems hold data from a vast number of businesses of many types, criminals are more likely to target cloud services providers for data theft or malicious destruction than your individual network.
To mitigate all of the above, implement business processes to perform these two major functions with relation to your cloud services: backup, and management of sharing and permissions.
Backup
A proper data backup involves:
- Making a consistent copy of your data to a completely different storage system from its ordinary location.
- Managing the frequency and retention time of backups. You should be able to restore files (and e-mails) as far back as you need to in the event a file (or mailbox) is corrupted and nobody notices until long afterwards. At the same time, you must ensure that backups are done often enough so too much recent work isn't lost when restoring files and e-mails immediately after a data loss event.
With on-premises servers and storage devices, you may do this by copying data to tapes or other removable media on a rotation, or to dedicated backup storage in the cloud. If your equipment fails, a file is found to be corrupted, or your data is wiped out, you can restore it from the tapes or cloud backup provider.
Cloud-based applications may include some capability to recover files that have been corrupted or accidentally deleted, but these features do not replace the need for a true backup. For example, Google Docs keeps separate versions of a document each time a user syncs changes from his device; if two users edit the same file offline and then one overwrites the other's work, both files can be opened and the changes reconciled. However, file versions for Google Docs are automatically deleted after a time which you can't control. In addition, restoring files to previous versions in Google Docs is a manual process that must be performed on one file at a time. So if a user is hit with malware that encrypts all his synced Google Docs files, the downtime required to revert them all may be intolerable.
Also, if a file is wiped out completely, either because a user deletes it or in the rare case of a system error within Google's systems, you may be unable to recover the information at all. For example, if you copy a folder to your Google Drive that was shared by another Google Drive user, and then delete it from your Drive, you may find that both you and the owner can't see it, and it can't be recovered from the trash. Even the Undo function won't work, and Google can't help you.
Here's more. As mentioned above, cloud storage providers will automatically delete data in certain instances. This often happens when user accounts are deactivated. Because cloud systems charge monthly or annually per user account, businesses tend to delete cloud user accounts as soon as they're not needed, instead of locking the account or changing the password as you might with on-premises systems. Your administrator must know whether to transfer ownership of files from a departed user to another, or to a centralized archive. And doing so is often not easy, or even possible, depending on your cloud platform's capabilities. We have seen instances where companies have lost data due to this, which would have been recoverable with a good backup solution.
Cloud providers do backups, of course. But these are opaque to us; they serve only the cloud provider's resiliency requirements, and are not necessarily meant to protect your data from your own actions or even from their failures. In other words, their backups focus on availability, not integrity. This is indicated in the terms of service of common cloud applications, which may offer billing credits for downtime, but explicitly disclaim any accountability for your data.
To back up data from the cloud, your best bet is to sign up with a third-party cloud provider that automatically pulls data and stores it on a separate platform. Engage a knowledgeable IT professional to ensure all of your data is backed up, and to monitor it and fix any failures or errors. Your backup will need to be monitored and evaluated just the same as, or even more so than, on-premises backups, since users and administrators in your company can so easily move data to applications within your cloud provider's service that you may not have configured for backup (or that didn't exist just last week), or even move data to a completely different cloud provider.
In addition, with the cloud, you must make extra effort to ensure your data is truly copied outside your cloud provider's system. For example, if you store information in Amazon S3, don't use a backup provider that uses Amazon S3 to provide their services, or you could lose both your data and the backups if there were a catastrophic failure in the Amazon S3 facilities.
You need to evaluate the capabilities and reputation of your backup provider. There are options to back up files, e-mail, contacts, calendars, and websites, and even to integrate with cloud database systems such as Quick Base, Salesforce.com, and NetSuite to perform application-consistent backups of data tables, their relationships, and custom input forms and reports. Consider also that cloud-to-cloud backups double the number of cloud providers whose breach could expose your data; the backup provider you choose must have a robust approach to information security.
It's not just data you need to consider for backup. If you use cloud platforms for virtual machines, or for mobile device management, or for anything else besides file storage and basic user applications such as e-mail, you must consider what you will do if one morning you log on to the system and everything is gone. Assuming the cloud provider will restore all of it for you is probably not an adequate plan, and wondering why it happened won't help you at that point. You have to figure out now how you would recover from such a disaster, and understand that the mechanisms by which you do so are more complicated in the cloud than a plan to recover from your own servers crashing, since you don't own or control the servers, platform software, and backend databases hosted by your cloud provider.
Permissions and Sharing Management
With conventional file shares based on Microsoft Windows Server, system administrators assign permissions. But with file sharing systems like Box, OneDrive, Google Drive, etc., unless you take steps to disable this, users can share their files or entire folders with anyone in the world with a few clicks. And, once a file is shared, many of these systems do not make it easy to get a list of all the files that a particular person has access to, or to disable a given external user from accessing files. Also, the recipient continues to have access to the file in its original location, meaning future updates to the file can be seen by the person with whom it was originally shared, something your users should be aware of.
Not only that, many systems enable sharing a file via just a web link, which doesn't require anyone to verify their identity. Users, without proper training or restrictions, often send such a link to a business partner intending to share with that person only, not realizing that the partner can forward the link to anyone, and the file is essentially open to everyone. That kind of access to an active file is not possible with on-premises storage and file sharing systems.
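Because these systems rarely give you a per-person view of what has been shared, an administrator has to build one from the permission metadata the service exports. The following is an added example, not from the article or any vendor, that runs such an audit over a constructed, Drive-style permission export: it flags files open to anyone with the link, lists every grant to an account outside an assumed company domain (example.com), and inverts the export into the per-person access list the article says is hard to obtain.

```python
from collections import defaultdict

COMPANY_DOMAIN = "example.com"  # assumption: your own tenant's domain

# Constructed sample modelled on a sharing export (file, grantee type, grantee,
# role). "anyone" is link sharing with no identity check; "domain" is
# everyone in the company; "user" is a named account. Not real data.
SHARES = [
    {"file": "Q3-forecast.xlsx", "type": "user", "email": "alice@example.com", "role": "owner"},
    {"file": "Q3-forecast.xlsx", "type": "user", "email": "bob@partner.org", "role": "writer"},
    {"file": "HR/salaries.csv", "type": "anyone", "email": None, "role": "reader"},
    {"file": "HR/salaries.csv", "type": "user", "email": "carol@example.com", "role": "owner"},
    {"file": "roadmap.docx", "type": "domain", "email": None, "role": "reader"},
    {"file": "roadmap.docx", "type": "user", "email": "bob@partner.org", "role": "reader"},
]


def is_internal(email):
    """True for accounts in the company's own domain."""
    return email is not None and email.lower().endswith("@" + COMPANY_DOMAIN)


def link_shared_files(shares):
    """Files anyone holding the URL can open: the link itself is the credential."""
    return sorted({s["file"] for s in shares if s["type"] == "anyone"})


def external_grants(shares):
    """(file, email, role) for every grant to a named account outside the company."""
    return sorted((s["file"], s["email"], s["role"]) for s in shares
                  if s["type"] == "user" and not is_internal(s["email"]))


def access_by_person(shares):
    """Invert the export: every file each external account can still reach,
    which is the list you need when revoking one partner's access."""
    out = defaultdict(list)
    for f, email, role in external_grants(shares):
        out[email].append((f, role))
    return dict(out)


if __name__ == "__main__":
    print("open to anyone with the link:", link_shared_files(SHARES))
    for who, files in access_by_person(SHARES).items():
        print(who, "->", files)
```

A real export from your provider will use its own field names; map them onto the four keys above and the checks stay the same.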
Even apart from sharing, cloud systems make it very easy for a user to download your company data to their personal devices or home computers. This is possible, of course, with conventional systems and VPN-based access. In either case, data stored on devices owned by your employees must be considered insecure. It is your responsibility as a business manager to ensure that this is controlled, and this is best planned and implemented before moving your data and operations to the cloud.
Even if you limit the ability for users to share files, they can still send out copies via e-mail. This is nothing new, and not related to the cloud era. When a file is e-mailed, the recipient doesn't have access to the original file or the folder it's in, or to anything that might later be updated in the file or added to the folder. But, because of these limitations and thanks to the easy availability of cloud services to anyone, users often sign up for personal cloud storage accounts, copy company data files or entire folders there, and then share them with third parties for co-editing, without the knowledge or approval of management. If this is of concern, you must implement security procedures and technical solutions to control this.
Data Loss and Spillage Incidents
Despite the vast investments in resilience and information security made by the major cloud services providers, data loss and exposure can still happen, whether by software flaws, hardware failure, natural disaster, or a mistake by an employee of the cloud provider. Here are some examples.
- In 2011, Amazon's EC2 cloud platform had a crash that took many of the hosted websites and cloud applications offline for days, and wiped out some data permanently.
- GitLab, a site that holds software source code, lost several hours of their customers' work in 2011 when a GitLab administrator deleted hundreds of gigabytes of data he wasn't supposed to.
- Also in 2011, Dropbox accidentally exposed a method by which anyone could access any user's files without restriction. Then, in 2014, the Dropbox Selective Sync application was found to delete files permanently if the program were shut down in the middle of a sync, causing some users to lose data that couldn't be recovered.
- In 2014, Microsoft Azure storage was found to lose data stored there by Microsoft SQL Server 2014 in certain configurations, due to a software flaw. A cloud services provider, Dedoose, which used Azure to support its analytics applications, lost some of its customers' data permanently due to this, and afterwards implemented the kind of backup system recommended in this article.
- Around the same time, AMAG Pharmaceuticals reported that someone tried to move their HR folder in Google Drive and, probably due to the quirk described above, it disappeared completely. They were able to recover it, but only because they had a third-party backup solution.
- In 2015, lightning struck the electrical systems serving a Google data center in Belgium, causing a power outage that wasn't sufficiently protected by battery. The storage systems weren't resilient enough to avoid losing data in an unexpected sudden shutdown. As a result, some users' files were gone for good.
- In 2017, a Cisco engineer accidentally wiped out data in their Meraki cloud-based wireless access point and telephony management system, including phone system audio files (hold music, voicemail greetings, and IVR menu announcements), as well as custom floor plans and device placement photos that customers had uploaded for wireless management. Cisco restored some of the files that happened to be in an operational cache, but most information was lost permanently, as Cisco had no backup in place to protect against the kind of error the engineer made.
These are only the incidents that make the news. There are countless other incidents, as you can learn from browsing forums, of businesses small and large accidentally losing data because of glitches in cloud services, or users accidentally wiping out files, that weren't recoverable because the service providers don't offer backup that meets the customer's requirements.