Behold: The 2019 cloud backup myth-buster

Sponsored Software-as-a-service has become the norm, rather than the exception, for small businesses. For example, on productivity and collaboration, it’s now difficult to find an SMB that doesn’t use some aspect of Office 365 or G Suite.

When these services first arrived, however, execs were nervous about the prospect of some tech giant on the other side of the ocean housing their data and also serving up their business-critical applications. What would happen if the data was deleted, lost or became unavailable? Many have since shrugged off these concerns to such an extent they’ve gone to the other extreme by assuming cloud is so reliable they are willing to stake their entire operations on it. In reality, they were right to be cautious. The dangers of data loss in the cloud are real, and they haven’t gone away. And that means the need for proper backup mechanisms in SaaS environments is as strong as ever.

Cloud computing is a priority for many SMBs. According to a Capterra survey of 700 SMBs in the US, it was the second most prevalent technology on the average small business's to-do list, with 47.8 per cent of respondents budgeting for it. Those SMBs already using cloud computing have fewer workloads on average overall and therefore smaller cloud bills, but 11 per cent of them still exceed $1.2 million in annual cloud spend, according to RightScale’s 2019 State of the Cloud survey.

The cloud’s darker lining

According to the RightScale survey [PDF], a relatively small number of these SMB cloud users (31 percent) have a central cloud team. It’s all a little haphazard. Perhaps that’s why they often think forklifting data to the cloud protects it. It’s a common mistake, according to a Global Advanced Threat Landscape 2019 survey by CyberArk.

More than one in three respondents said that the number-one benefit of moving data to the cloud was to offload security risk, yet fewer than half (49 per cent) had a privileged access security strategy for cloud data. That leaves the data vulnerable to destruction, either accidentally or maliciously, by someone who shouldn’t have access. And that someone isn’t always an outsider as you might suspect: earlier in 2019, disgruntled IT consultant Steffan Needham managed to get into a colleague’s account at software business Voova. Needham, who Voova dismissed after a four-week trial period, used the credentials to log in and destroy 23 AWS servers. It cost the company several key customer contracts. Ouch.

Availability =/= backup

The problem is that executives confuse high availability with backup. High availability means you can get your data almost all the time, but that doesn’t mean it’s backed up. If for some reason your data is deleted, it’s gone. If it becomes unavailable for a long or even a short duration, then you’re operations can be severely impacted.

There are other dangers to not properly backing up your files in the cloud. For example, if like many SMBs you don’t have sufficient internal expertise to manage your cloud and IT environment, you may hand over the whole thing to an external provider. If that provider doesn’t give you direct access to your account, it may walk away with your cloud data if you part ways acrimoniously.

The big secret to many cloud computing contracts isn’t obvious because cloud service providers aren’t at pains to highlight it: proper backup capabilities rarely come as standard. Some services give you a short period to recover deleting your files before really erasing them, but if you don’t spot the deletion in time, then it disappears for real soon enough.

Most times, proper backup functionality isn’t even something that you can pay the service provider for. You get a pale “backup lite” for free. Microsoft provides a basic level of data retention, keeping previous versions of your data for applications like SharePoint Online, but it just restores the whole thing if one copy goes bad. So, if you do want to manage your own recovery point objectives or selectively restore data its best to follow the official Microsoft’s advice of regularly backing up content and data to either Redmond’s service or that of your chosen provider.

Microsoft also offers a backup service for Azure, but that’s a different service that backs up virtual machines and databases in the cloud. It isn’t for your Microsoft Office 365 account. Even if Microsoft and G-Suite developed more mature backup options, you wouldn’t want your data backed up to the same cloud provider’s infrastructure.

So you’re relying on a substandard backup. Then if there’s a problem, you must convince the cloud service provider you exist. That was the problem facing interior design tools company Moss, which accidentally deleted its own G-Suite account, containing “work created by scores of employees and contractors over three years that’s irreplaceable”. After the cloud giant ignored it for days, exasperated Moss executives eventually served Google with a lawsuit. Their plea for relief was woefully plaintive: “Injunctive relief - Do not delete data”, it said. Unfortunately, if you delete your Google account, it’s game over.

Taking control

To control of your data in the cloud and in order to apply a backup strategy that probably protects your data, you will need to a third-party backup provider. There are various online providers who target the SaaS market, but many of them backup your data on a cloud-to-cloud basis. That creates its own issues such as: can you guarantee that the cloud infrastructure will always be available? Does it use the same cloud infrastructure as your SaaS provider behind the scenes, which might mean you are no further forward should your primary provider go down? What is the service level agreement for recovery and does it match your recovery time objective? Cloud-to-cloud backup is an acceptable option, but there are several other check boxes that you should tick.

Bringing data home

The third option is to back up your SaaS data to your on-premises infrastructure. This concept, supported by Synology with its Active Backup system, which backs up SaaS data from the cloud to one of its local NAS appliances. It’s available as a licence-free application with the NAS.

This system, available for both Office 365 and G Suite, gives you an administration console that you can use to set backup policies on a per-user basis for your company’s SaaS account. It goes beyond just files. Alongside OneDrive for Business, it also supports SharePoint Online, and Exchange Online.

Once you’ve set the policies, the system backs up files from the cloud whenever it sees changes. It also saves previous versions of the file on a frequency set by the admin. It’s yet another step away from the old grandfather-father-son model that we saw in tape environments.

One nice thing about this model is that it uses block-level deduplication to minimize the storage that it takes up on the NAS.

On the restoration side, the system uses access privileges to segment data; employees will only see their data on the next device and no one else’s, just as they would in the cloud account. They can use the self-service portal to search for files by keyword, including finding email attachments, and then restore those files selectively. After restoration, they appear on the cloud service in a separate folder so employees don’t confuse them with other files.

One interesting feature here is Active Directory integration. You can use Microsoft Azure Active Directory Domain Services to integrate the NAS directly into Azure, turning the appliance into a single sign-on client which makes it easier for employees to get at their backed-up files on the local storage device.

Note that these on-site SaaS backup systems don’t let your employees carry on working on their files during the kind of outages that we see in the cloud. That’s not what they’re for. You wouldn’t want to do that, for two reasons.

First, you couldn’t do it in G Suite because it has an editing interface based on JavaScript in the browser, and on-site appliances don’t mimic that functionality. Second, the differences that on-site edits would introduce between the on-premises and SaaS-based files would create consistency issues, landing you with reconciliation problems. But it means that if anything nasty happens to your data in the cloud, you can get it back.

The ability to recover files selectively also creates another opportunity for following backup best practices: testing. Testing backups can be cumbersome in on-premises scenarios because it can disrupt operational systems. Not so in the cloud. You can periodically test the restoration of individual files or groups of files from a local backup appliance to ensure that everything works properly.

You can use a local backup appliance for your SaaS data on its own, or if you’re especially paranoid, alongside a separate cloud-to-cloud backup system for yet another layer of protection. Either way, this protects you against those initial fears that spooked small business users when they were first getting used to the cloud. Given that NAS appliances can also back up local data, using it for SaaS backup is effectively a free add-on that could save you headaches in the future.

Sponsored by Synology.