If you don’t feel you’ve put enough effort into cloud security, you’re not alone.
A recent survey released by Telus found that Canadian organizations only set aside 34 per cent of their cybersecurity budgets for cloud security, while nearly all admit that if they had to do it all again, they would have spent more time on security when they began their migration to the cloud, especially on threat and risk.
Respondents would have also spent more time on monitoring and detection, as well as threat prevention controls.
All this regret around cloud security may explain why the 511 cybersecurity professionals surveyed by Telus are planning to increase spending by 22 per cent in 2023. Conducted with IDC Canada, the survey spans a wide range of Canadian industries and organizations, with more than half identifying as very knowledgeable about cybersecurity, with the remainder identifying as knowledgeable.
While security knowledge ranks well among respondents, only 37 per cent of the organizations surveyed report having dedicated cloud security professionals, while nearly as many – 33 per cent – are finding that cloud security is the most difficult of all cloud specialties to staff.
Not many – 14 per cent – are storing their most valuable data in the cloud, which aligns with the confidence in cloud security, as 57 per cent of organizations believe their cloud environments are very or completely secure, but only 38 per cent of respondents said their organization uses multi-factor authentication (MFA) to secure its cloud environment.
Approximately one third of respondents cited a lack of tools to monitor, detect, and respond to cyber threats as a major gap in their cloud environments, while a whopping 89 per cent said their organization had experienced a cloud security incident. (An incident is defined as an event with the potential to compromise confidentiality, availability, and/or integrity of computer networks, systems, or data.)
On average, the Telus survey found that organizations had experienced four to five cloud security incidents a year, with nearly half of the most damaging incidents spreading to on-premises environments. These incidents could be attributed to misconfigurations, human error, and known vulnerabilities.
Not surprisingly, respondents are using more than one cloud service provider – the average was up to 8.5, with infrastructure-as-a-service providers such as Amazon AWS, Google Cloud Platform and Microsoft Azure being the most used.
The Telus report makes several recommendations for those responsible for security in their organization. Chief among them is to not underestimate the value of frameworks like NIST, ISO/IEC 27001 or others. Others include:
- Provide IT / security staff with comprehensive cloud security awareness training
- Enable and configure any included security controls offered by your cloud service provider
- Conduct regular security audits and assessments
- Deploy MFA
Given all the cloud providers organizations use as well as the challenges in finding security specialists, you might consider seeking out a managed service provider who can help you bolster your cloud security, improve your overall posture and help you adhere to the Telus survey recommendations.
- October 13, 2022
5 To Dos for Your Cloud Backup and Recovery Checklist
It’s not a matter of if disaster strikes, it’s when. You need a comprehensive checklist for your cloud backup and data recovery procedure if you want to avoid a disruption to your business and your customers.
This checklist isn’t a one and done, either. You’ll want to revisit it regularly to tweak your processes and the cloud backup and data recovery tools you have in place. Here are five key things every checklist should have:
- Write it down: Document your cloud backup and data recovery procedure and be sure to have a hard copy. It should be a living document that you revisit regularly and that outlines all mission-critical applications and interdependencies – you can group them together and ensure all connected applications and their data are safeguarded equally. Your plan should also detail the roles and responsibilities for everyone involved in executing it, so they know what needs to be done to restore primary systems from a cloud backup.
- Set your objectives: When you lose data, applications become unavailable. A recovery time objective (RTO) gives you a deadline as to how long you can go without an application and decides how much time it will take to recover after the disaster strikes. A recovery point objective (RPO) directs you where to focus your efforts so you prioritize the data you restore from cloud backup – an RPO defines how much data you can afford to lose in an outage scenario and can guide you on how frequently application data must be backed up.
- Add redundancy: Complexity should always be avoided, but don’t streamline your storage as far as to put all your eggs in one basket – be sure your cloud backup service provider has adequate redundancy and consider having data storage options that aren’t on your network to protect it from ransomware.
- Bolster your network: You need a secure and robust network to support your cloud backup and data recovery. Employing deduplication will help you reduce the pressure on your networking and storage resources because you’re only moving data you need to. Meanwhile, make sure data is encrypted when in transit and at rest.
- Never stop testing: You must test your cloud backup and data recovery procedures by running regular fire drills. This will provide peace of mind that you can completely recover all data and applications as determined by your RPOs and RTOs. Be sure to monitor and verify that cloud backup and replication processes are taking place, that your destination storage media is operating, and that you can easily restore mission-critical data.
An ounce of prevention is worth a pound of cure. By having a checklist in place for your cloud backup and data recovery procedure, you can bounce back from a disruption with minimal impact on your business and to your customers.
- June 30, 2022
4 Key Elements of Cloud-Based Disaster Recovery
Implementing cloud-based disaster recovery is the best way to minimize disruption and maximize business uptime, but you won’t realize the benefits without keeping four key elements in mind.
Data classification
Not all data needs to be backed up – it’s simply not cost effective, even with cloud solutions. You should understand what data you’re backing up, why and how quickly you need to restore it to keep your business running and avoid disruption for your customers.
Remember that not all business information is created equal. While some data must be archived and replicated offsite to meet compliance and regulatory commitments, mission critical information and applications should always take priority, with clear recovery time objectives (RTO) and recovery point objectives (RPO) so you restore operations quickly in the event of any type of disruption.
Platform and provider selection
You want to simplify your cloud-based disaster recovery implementation as much as possible by using as few data protection tools as possible while covering all essential applications and systems – this is where a managed service provider can provide guidance by applying their experience and recommending the best cloud-based disaster recovery solution for your needs.
Keep in mind you’re not just evaluating the technologies that back up and restore your data. You must also evaluate the provider’s infrastructure and track record. Your business goals, RPOs and RTOs, and any other requirements should be reflected in any Service Level Agreement (SLA) and in their data management policies.
Comprehensive testing
Never assume your cloud-based disaster recovery is working – you should know for sure by testing before implementing and then conducting regular fire drills once it’s up and running. Remember that the value of any solution comes down to how quickly and easily you can restore data and applications while minimizing disruption to your business operations and customers. This can be established through a proof of concept that runs through some likely scenarios to verify that your cloud-based disaster recovery is meeting the business goals, as well as your RPOs and RTOs.
Ongoing adjustments
Your disaster recovery plan is a living document. Together with your managed service provider, it should be adjusted and tweaked regularly to reflect changes in the business, including application upgrades, while also applying product patches and updates to the cloud backup solutions themselves. Be sure you and your managed service provider are on the same page as to who is responsible for what.
Maintaining cloud-based disaster recovery is an ongoing activity, not a one-time IT project, and you should always be reassessing its performance. Regular reports from your managed service provider allow you to understand if you are meeting the objectives and to have confidence that disruption will be minimal when disaster strikes.
- June 16, 2022
Complexity is the enemy of effective data protection
If you want to effectively protect your data, it’s best to keep things simple – complexity is your enemy.
While it’s important to have redundancy for your mission critical applications and data, the more tools and systems implemented to safeguard data, the bigger the likelihood of something going wrong and the greater potential for data loss. Simplifying your data protection systems will make it easier to get back to business in the event of a disruption due to data breach, malware and ransomware, natural disaster or human error.
Less is better
It’s easy to fall into the trap of setting up a complex solution for data protection because your business information systems tend to be complex. But even when you have a wide variety of applications and data to back up, complexity makes your data protection less effective.
The problem is that when lines of business incrementally add Software-as-a-Service (SaaS) applications such as Microsoft Office 365 and Salesforce, they often assume data is automatically backed up by the vendor. However, they are just adding to the mix of systems that must be backed up by IT, which already includes multiple endpoints such as servers, workstations and laptops, as well as remote workers and satellite offices. Every time a new software solution, endpoint or physical office is added, incremental data protection is added to keep up with infrastructure sprawl. Complexity is an unintentional side effect because when data protection is put into place, it tends to be done in a silo, not holistically with all other applications and data in mind.
In the same way having more endpoints, network access, and applications creates more attack surfaces for threat actors, having more data protection systems increases the number of potential points of failure in your organization.
More complexity means risk
It may seem daunting to simplify data protection when your data is distributed across different applications and endpoints, especially with the rise of remote work and the emergence of the hybrid workplace. Having multiple backup systems in place to protect all this information increases complexity and the risk of a data breach that can disrupt your operations, cost you customers, and even lead to a breach of regulatory compliance.
And as much as data protection is necessary, you don’t want to create any more work than necessary for your IT teams. Data protection systems must be configured, maintained, and updated, and backups must be verified – double checking backups takes time and people. Each tool you implement requires expertise and training and represents a software license you must pay for and manage.
Overprovisioning your data protection capabilities is an unnecessary expense and doesn’t improve your overall security posture. Running multiple backup solutions with overlapping features, and even backing up the same data to different locations, is costing you time and money.
Given the complexity of production systems, it’s not realistic to have a single data protection system for everything, but it’s essential you streamline as much as possible. Settle on a small number of backup tools that will encompass all your systems so that your IT team isn’t overwhelmed by their data protection duties. Otherwise, you can end up with misconfigurations that defeat the purpose and result in a data breach.
Most of all, remember that while data protection may be essential, it’s not a strategic IT activity, so consider looking at how a managed service provider can consolidate your data protection tools to reduce complexity and ensure all your backups are effectively safeguarding your mission critical information.
- November 16, 2021
Keep your data protection simple by using cloud backup
When it comes to data protection, simple is always better, even as remote work and hybrid offices make things more complex.
Even as endpoints flourish, you should continue to streamline your systems by leveraging cloud backup and combat complexity—the more systems you have in place, the more likely something will go wrong. You must balance redundancy with simplicity.
Even before the pandemic and the massive proliferation of remote endpoints, there were already many different applications and systems needing backup as lines of business spun up their own Software-as-a-Service (SaaS) applications such as Microsoft Office 365 and Salesforce. Even worse, they assumed data is automatically backed up by the vendor. But in addition to those applications, you need to keep track of your servers, physical and virtual machines, and multiple endpoints that include workstations and laptops, satellite offices, and of course, remote workstations, which may even be an employee’s personal device.
The attack surface has expanded since the pandemic but having multiple data protection systems isn’t the answer. Instead, consider a single cloud backup service with built-in redundancy. As with any application, a data protection system has its own maintenance requirements and processes, so it’s best to have one that’s well-managed and reliable and that makes verification simple. That way, you can be confident all your data, regardless of application, server or endpoint, is being consistently backed up. Having a single cloud backup service is also better for your IT budget.
However, depending on your environment, it may not be realistic to have a single cloud backup solution; your best approach is to implement a select few data protection systems to meet user requirements so that your IT team isn’t overwhelmed by too many backup tools as the resulting complexity will lead to misconfigurations and ultimately, a data breach that leads to a business disruption.
Having confidence in your cloud backup isn’t just important for your IT team. Data protection plays a strong role in maximizing business uptime, so you’re not only trying to keep senior IT management happy—the CEO has a stake in data protection, whether they realize it or not.
Like any application you implement to realize business goals, not all data protection and cloud backup systems are created equal. In addition, IT environments are more dynamic than ever thanks to digital transformation efforts, the emergence of the hybrid office, and the persistence of remote work. When selecting a cloud backup solution, be sure it meets all your data protection criteria including compliance, security, and restoration windows. You might want to consider taking the opportunity to replace legacy systems that can be difficult to back up, rather than keeping them going, because it will reduce maintenance costs, add data management capabilities, and improve your overall data protection effectiveness.
Remember that data is more portable than ever, too, especially when fewer people are working in the office behind the corporate firewall. If applications and data are spread across multiple clouds, as well as endpoints and workstations, then your cloud backup solutions must consider that your data is distributed across many platforms, and you must understand the built-in data protection of SaaS productivity applications: not just what they can do, but also what they don’t do.
A dramatic increase in the number of remote workers and the emergence of the hybrid office are great reminders that the need for robust data protection is never going to go away. As the year ends, take the opportunity to revisit the cloud backup solutions you have in place and implement a strategy to modernize it as needed to reflect the world of work with the help of an experienced managed services provider.