Avoiding data loss in the cloud

Cloud Security

The benefits of cloud computing are clear. Data can be stored in the cloud and accessed virtually anywhere at any time. It can also be easily replaced, and it reduces IT costs. However, small and medium enterprises (SMEs) are not yet benefitting from its full potential. Some fear data loss or virus attacks, which prevents them from using cloud storage, while others are blindly entrusting their data to the cloud. What many companies don’t know is that data recovery from the cloud is successful in most cases, namely when certain technical, security and legal aspects are considered in advance.

A technology that initially seems vague to many users is finding ever greater acceptance in German companies. Public cloud computing is replacing the proprietary server with storage, computing capacity and software as a service delivered over the Internet. There are experts, such as Dieter Kempf, President of Bitkom, who are predicting that cloud usage could soon become an important competitive factor (article in German). Small- and medium-sized businesses would particularly benefit from its many technical advantages as well as from the reduction in costs. Not only does the high initial investment for hardware disappear, the follow-up costs also remain manageable: the amount of IT training is reduced, companies require significantly fewer employees to install and maintain their systems, and the software licence fees remain consistent or predictable.

Cloud Monitor 2013, the survey conducted by the industry association Bitkom and the international audit company KPMG, shows that 65% of large enterprises in the IT and telecommunications sector rely on cloud services, as do 44% in the transport and logistics sector. Private cloud services are increasingly popular among listed companies; in this model, IT services run on company servers. According to the report, 83% of the companies surveyed have had a positive experience. For services in the public cloud, which are outsourced to external providers, at least 74% of companies are reported to be benefitting from the new technology. However, small- and medium-sized businesses are often reluctant to entrust their data to external cloud providers despite the advantages that the cloud could offer them. Kempf is convinced that SMEs could reach a much higher level of security using cloud services than with in-house IT systems. However, they would need to become aware of the risks and the appropriate precautionary measures involved.

The risks associated with cloud are real

The risk of data loss or attacks by hackers and viruses is hidden in the cloud.

“What’s more, cloud computing can easily result in data protection issues because it’s difficult to find out where the data is being saved,” says Jim Reinert, Managing Director and Data Recovery and Information Management Specialist at Kroll Ontrack. The expert also points out that another risk is that sensitive data is repeatedly and unintentionally exposed via providers, administrators and other cloud users. According to another study from Kroll Ontrack, in which IT professionals from various enterprises and IT companies were surveyed, 62% of participants are already using the cloud. However, only a third of them have prepared a data recovery plan with guidelines for emergencies.

Controlling validity and accessibility, and hosting sensitive data internally

The importance of an emergency plan becomes clear when the additional risks are considered. Whether data is stored on classic, virtualized or cloud storage solutions, no company is immune to loss. “Backup systems are also never 100% reliable,” says Böhret, Data Recovery Specialist. “Additionally, it can also happen that important data from the previous backup was not backed up.” As companies are increasingly using the cloud for core business functions, it goes without saying that they also need virtual backup systems. It is important to remember that the standard contracts of cloud providers include extensive disclaimers for damaged, deleted, destroyed or lost files. Service Level Agreements (SLAs) are currently the only exception. Therefore, the validity and accessibility of data should always be closely monitored. Companies should also make sure that the servers of the cloud provider are in Germany, as liability and the current debate on data protection are necessary considerations. Experts even recommend that data be prioritized and that particularly sensitive information remain hosted in-house, just to be on the safe side.

Data recovery specialists should be included from the beginning

If a company decides to go for a cloud solution, it is important to involve a data recovery specialist early in the contingency planning process. External cloud providers should also be working together with competent data rescuers, so that they can react quickly in a worst-case scenario. Given the increasing amounts of structured and unstructured data, in both cloud- and virtual-based environments, data recovery is by no means simple. Additionally, data is usually stored at different locations and constantly moves back and forth between storage layers for quick accessibility. This can be quite useful, but also creates a highly complex scenario where companies can easily lose track of where their data is located. “In order to avoid such risks, companies need a solution for their information management and, moreover, an efficient strategy for the management and recovery of business-critical data,” outlines Peter Böhret.

Thoroughly check out the cloud provider

To work with public cloud computing, companies should put a comprehensive set of technical, security-related and legal questions to the provider before making a final decision:

Technical questions

  • Interruptions to power or power surges can cause data loss and damage or limit its availability. Is your cloud provider prepared for this?
  • What type of data storage does your provider use? A redundant RAID? Which hypervisor do they use? Are their employees and data centres certified?
  • Has your provider established back-up systems and protocols that meet all the data protection standards of your company?
  • Do they have a Business Continuity or Disaster Recovery Plan that involves a Data Recovery Specialist in advance? In the event of data loss, it is important that there is already contact with competent data recovery companies.
  • What are the Service Level Agreements and arrangements which apply to data recovery, liability for loss, improvements and business results?
  • Can the data be divided between different cloud services if necessary? In the event of contract termination, can you get your data back? If yes, in what format? Is there an absolute guarantee that all other copies were destroyed?

Questions about data security

  • What measures does the provider take to protect your data?
  • If data is marked for deletion, is it really deleted? Who guarantees that the data has been deleted?
  • Is the client the rightful owner when the data is stored in the cloud?

Legal issues

  • Does the cloud provider secure the data in accordance with the backup policies of your company?
  • What guarantee does the cloud provider give that it is complying with data protection agreements?
  • During litigation or investigations, can you or your external Data Recovery Specialist obtain access to the data to extract it or secure the information?
  • Where exactly is your data stored? And where is the cloud data centre?

Finding the right Data Recovery Specialist

As already mentioned, data recovery from the cloud is successful in many cases. Sometimes it is even more likely to be successful than from physical disks. However, even here, choosing your service provider can feel like your first visit to the dentist. Companies should ensure that the Data Recovery Specialist can recover data from complex RAID, SAN, virtual and cloud environments. Additionally, they should be able to repair and restore data in corrupted files. This includes server- and desktop-based emails as well as databases and office applications. Last but not least, the service provider must have the tools for the recovery of encrypted data and must be able to return the data in encrypted form after the recovery. If all of this can be ensured, then nothing stands in the way of the successful and safe use of public cloud services.