Feeds

Cloud backups: Where's my get out of jail card?

Quis custodiet ipsos custodes?

Top three mobile application threats

It is time for your reminder to review, test and otherwise care about backups. Today's twist is probing the cloud to see if we need to worry about cloudy backup ourselves. If so, how exactly do we do it?

The more I delve into the state of cloud services the more I am disturbed by what I see. Every vendor has a completely different backup policy; some have none at all.

Infrastructure-as-a-service (IaaS) vendors seem to be the worst for this. We are often lead to believe that virtual machines and storage on a public cloud are invincible.

When giants fall

This is far from the truth. Even the mighty Amazon permanently lost customer data just over a year ago.

Think about that for a second. Amazon lost customer data. We are not talking Ma and Pa's Old Time Co-Lo and data hosting. This is the company that beat out IBM for the new CIA datacentre.

Amazon is the best of the best at cloudy tech and even it does not offer a default 100 per cent guarantee that your data won't go walkabout and never come back.

You can host your data in multiple regions of Amazon's cloud, but multi-region outages can occur – at which point you're hooped.

You may find a public-cloud vendor that you are sure has so many layers of backups that your active data is indestructible, but this is a guarantee only of the working set and not a true backup.

Working set technologies, such as high availability, fault tolerance and the like, protect against infrastructure failure. They do not protect against Oopsie McFumblefingers making a huge mistake during data entry or accidentally deleting something.

We're only human

In the real world, protection against infrastructure failure is not enough. You will inevitably run into those moments where you must pull up a copy of the data as it existed at a previous point in time and work on it.

You can never completely engineer people out of the data collection process. If it isn't McFumblefingers punching information into a form and hitting submit, then it is a script somewhere talking to an API or reading input files from a hotfolder. APIs evolve. Output formats are tweaked.

In some cases changes are made to address security problems. In others it could be a politician revising daylight savings times or some nation declaring independence. There is always something that needs an update. And updates are ultimately made by humans so eventually something will go wrong.

This means there is a need for version control – incremental backups as in days of yore. Backups are easy as pie if you are running your cloud on your own infrastructure. vSphere can take snapshots of running virtual machines for you and Unitrends (or similar) can back up pretty much anything under the sun.

You can even back up that data (or copies of that data) to the public cloud using software such as Asigra. I pick Asigra because it appears to offer several different types of cloudy backup and it is Canadian.

I have issues with my data living in the US. Asigra provides tech that allows me (as a managed service provider) to be the backup location for my clients.

High performance access to file storage

Next page: Double or quits

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Kingston DataTraveler MicroDuo: Turn your phone into a 72GB beast
USB-usiness in the front, micro-USB party in the back
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Inside the Hekaton: SQL Server 2014's database engine deconstructed
Nadella's database sqares the circle of cheap memory vs speed
BOFH: Oh DO tell us what you think. *CLICK*
$%%&amp Oh dear, we've been cut *CLICK* Well hello *CLICK* You're breaking up...
Just what could be inside Dropbox's new 'Home For Life'?
Biz apps, messaging, photos, email, more storage – sorry, did you think there would be cake?
IT bods: How long does it take YOU to train up on new tech?
I'll leave my arrays to do the hard work, if you don't mind
Amazon reveals its Google-killing 'R3' server instances
A mega-memory instance that never forgets
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.