Cloud backups: Where's my get out of jail card?

Quis custodiet ipsos custodes?

Combat fraud and increase customer satisfaction

Double or quits

This layered approach is important. If your data doesn't exist in two locations then it doesn't exist. Just as it isn't good enough to simply trust my data to two different Amazon "zones", putting a Unitrends appliance in my datacentre and using that as the single point of backup isn't good enough either.

A fire, a flood or some jerk driving a truck into the side of the building could take out the working set of data and the backups stored on the local appliance.

Backing up to a local appliance and then mirroring those backups to another location – one you own, a managed service provider you work with or a public cloud provider – is pretty much the only way to go.

This is easy to understand in the context of workloads running on your own infrastructure, but how do you back up public cloud data?

And isn't avoiding exactly this sort of tomfoolery supposed to be the big selling point of the public cloud in the first place?

The truth is that most of the online providers are really quite crap at the sorts of versioned backups discussed above. Salesforce is a great example.

Salesforce uses tape backup and ensures that your data is backed up on average once a day. That sounds reasonable until you get to the part where restoring that data from backup is a minimum of $10,000.

When I consider the above in light of the high cost of Salesforce my brain simply kernel panics and reboots. Salesforce is no longer a phenomenal deal, as everyone keeps trying to convince me, and starts looking like some very typical buck-passer in new as-a-service clothing.

Saleforce's recommended solution to this problem – and you will get the same sort of answer all across the industry – is to purchase backups-as-a-service (BaaS) from a partner company. So to use that software-as-a-service (Saas) application in anything like a safe-enough-for-business-use fashion you will incur additional costs to back it up.

To kick you while you are down, those costs probably use a different costing model from the application or service you are trying to back up.

The backup service is probably per gigabyte of data with a trickle charge for bandwidth and separate charges if you ever need to actually recover something. Explaining the costing model to the bean counters suddenly takes more than one slide in the presentation.

Picking on Salesforce is easy, but it is an almost universal problem. I don't exactly have versioned access to my Gmail or Office 365 email. For that you need to turn to Live Office (now owned by Symantec) or similar applications. (I used Spanning with Gmail before I started my migration off US cloud services.)

When you get your hair cut you don't have to bring in a third-party hair removal service to sweep the floor afterwards

This whole model is dangerous. IT people trained in the dark arts of the tinfoil hat look at any network and start pulling it apart for single points of failure.

When you go to a barber you expect to pay the tithe and get your hair cut; you don't have to bring in a third-party hair removal service to sweep the floor afterwards.

Technologists are good at technology but have a tendency to simply say that problems outside their core expertise are not their problem. Whether the issue they are trying to pass the buck on is security or backups, this leads to trust issues. Over time, after enough people have lost data, confidence in the entire concept of the public cloud could well erode.

3 Big data security analytics techniques

Next page: Numbers game

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Kingston DataTraveler MicroDuo: Turn your phone into a 72GB beast
USB-usiness in the front, micro-USB party in the back
AMD's 'Seattle' 64-bit ARM server chips now sampling, set to launch in late 2014
But they won't appear in SeaMicro Fabric Compute Systems anytime soon
Microsoft's Nadella: SQL Server 2014 means we're all about data
Adds new big data tools in quest for 'ambient intelligence'
BOFH: Oh DO tell us what you think. *CLICK*
$%%&amp Oh dear, we've been cut *CLICK* Well hello *CLICK* You're breaking up...
prev story


Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.