History (and the media) have shown us that many organizations can’t secure their internally stewarded IT infrastructure, so HOW should you look at security for cloud services as part of your data protection strategy?
Hi, I'm Jason Buffington. I'm the principal analyst at ESG covering data protection. Our recent data protection Cloud strategies research shows the two sides of security concerns and assurances for those considering Cloud powered data protection. You can't have an IT modernization conversation without talking about Cloud services, and you can't talk about Cloud services without discussing security.
Looking at the top objections or concerns causing organizations to decide not to use Cloud services more pervasively, data security privacy concerns tops the list. If you're going to put your data in a repository that you can't touch or see, you ought to be mindful of security. Data security and privacy concerns and the closely related compliance and audit concerns are primarily obstacles to utilizing or further utilizing Cloud powered data protection. Check out what we saw when we asked organizations that are already using Cloud based protection services. Forty-two percent cite improved security as a benefit of leveraging the Cloud. In other words, an organization's biggest concern just might turn into one of its most pleasant upside surprises.
While those two charts may at first seem contradictory, the findings are in fact logical when considering how typical on premise backup solutions work. Most traditional on premise backup solutions do not encrypt data in flight between the backup agents on the production resources and the protection repository. They do not encrypt data at rest within the protection repository, presumably a disc based backup server or an appliance. Most on prem solutions are susceptible to the backup server or appliance being physically accessed or maybe even stolen, and most on prem solutions are susceptible to theft of the longer term retained data - the tapes - because they're portable. Unfortunately, even when organizations replace one on prem backup solution with another on prem solution most of the same security caveats apply. To be fair, not all on prem backup solutions exhibit these vulnerabilities, but more do than don't across the range of offerings currently in market today.
In contrast, many Cloud based backup solutions do encrypt data in flight between the subscriber site and the Cloud provider repository. Most Cloud solutions do encrypt data at rest within the Cloud provider repository. Most of those Cloud solutions are not susceptible to theft of the backup platform itself nor are they susceptible to theft of the previous versions. In short, while security concerns are undeniably valid and should absolutely be investigated when considering a Cloud powered data protection solution, choosing a solution that is well established which has invested in the proper security precautions can actually result in a more secure data protection architecture while also raising one's data recovery and agility options and changing the economics of your data protection strategy.
It's certainly reasonable to be concerned about security in all IT conversations especially when placing some of your data - production or protection - outside of your physical control such as within a Cloud provider. However, many of the well established Cloud solution providers in the market today have invested so heavily in security features and architecture that you may discover that your potential Cloud solutions are in fact more secure than the on premise backup solutions that you rely on today. Not all Cloud solutions can boast of various encryption and/or procedural mechanisms and ensure data security and privacy, making those that can boast those capabilities especially worth considering.
I'm Jason Buffington for ESG. Thanks for watching.