Why Your Cloud Apps Deserve Better Data Protection

The potential for catastrophic data loss events continues to climb as the use of cloud applications grows. Small and medium-sized enterprises are moving massive amounts of data into the cloud—and that data is now spread across more applications than ever. However, as businesses add more critical business functions to the cloud and try to make more apps work together, the risks to their data grow.

Risky Business

More applications also mean more ways for cybercriminals to access data. SaaS applications are a prime target for nefarious individuals and entities looking for backdoors into businesses’ greatest asset: data. Criminals are constantly finding new ways to compromise or delete businesses. In fact, according to Accenture’s report, “Cost of Cyber Crime,” criminals are using more than half a dozen techniques. Meanwhile, the National Cyber Security Alliance found that cybercriminals are a top threat for small businesses, forcing 1 in 10 of those targeted out of businesses.

But cyberattacks aren’t the only concern. Companies should not discount the impact of human error on their data. At the best of times, an inadvertent click of the mouse can have destructive ramifications. Human errors are even more likely in the current business climate as we transition to remote work environments. Employees are now forced to balance everyday tasks in the midst of additional family or health stressors and distractions.

Making things even more complicated, many of these online tools offer integrations that do not always play nicely with each other. APIs are constantly changing, so moving and sharing data between apps is even riskier. One missed API update or code change could create hours of work trying to rebuild lost or corrupted data.

Cloud Data Protection Challenge

Cloud app data is by no means fully protected. Yet, the ubiquity of cloud services such as Box, Dropbox, Google Drive and others has created the illusion that cloud data is fully protected and easily recoverable. However, even the most revered and trusted providers manage data by what is called the Shared Responsibility Model: They are accountable only for system-level infrastructure and data, ensuring reliability and recovery if there is a systemwide failure or natural catastrophe.

This accountability provides some peace of mind to all customers of the cloud service; they can be assured that if an asteroid hits a data center or there’s a hardware failure in a network or data node, that the service will be recoverable and resilient. However, this does not provide customers with the guarantee that if something catastrophic were to happen to their specific dataset (a tiny subset of all the data), any information would be recoverable.

This could be all your sales accounts, the hundreds of products in an online store or the audit receipts in online accounting books. The responsibility of making this “account level” data both resilient and recoverable falls on the shoulders of individual businesses. Protecting this critical information, which essentially helps teams operate, must be a focus for successful businesses.

Beyond the Basics

Many businesses already have strategies in place to mitigate the risks to their data. Examples include restricting user privileges and limiting access, embracing multi-factor authentication and complex passwords and password managers. Despite these practices, however, many still fail to fully review third-party apps and integrations and rely on outdated data backup processes or operate without any backup process at all.

Business must thoroughly review the terms and conditions of all third-party apps and integrations to better understand the associated risks—What data can they access? Are they requesting authorization to manipulate/delete data? Assessing the credibility of an app is just as important as reviewing the terms and conditions, though. Read through any available online information and confirm this product has a dedicated development team, accurate contact information and current copyright. Those are all easy ways to verify it is a reputable company.

Proactively protecting cloud data with account-level backups is critical. If cloud data is compromised, corrupted, mistakenly deleted or otherwise unavailable, an account-level backup provides immediate access to a comprehensive copy of the data needed to keep a business running.

Backup solutions range from seemingly simple data exports to custom-built backup software or third-party apps. While “simple” data exports sound like an easy solution, they can be cumbersome and time-consuming to manage—and worse, they often end up ridiculously outdated by the time they are actually needed. Building your own backup software, on the other hand, requires full-time internal or outsourced resources and comes with significant long-term costs, thanks to the constant need to update the solution to keep pace with ever-changing APIs. The third option, a prebuilt third-party solution, delivers the automatic backups needed for up-to-date data, but typically comes with a much smaller price tag than a custom solution. Just like any third-party app though, you need to make sure the one you pick is reputable and has a proven success record.

The Call for Better Cloud App Data Protection

Blind trust in all things cloud cannot continue; cloud applications do not back up all the critical, account-level data that businesses need to keep important apps (and the business) running. Waiting for a major data disaster with a direct impact on your own business is a recipe for disaster. Now is the time to ensure your business continuity by pushing for more control of cloud app data.

James Ciesielski

James Ciesielski is the co-founder and CTO of Rewind, a cloud data backup provider. James has over 15 years of experience building highly scalable software and services in the fields of telecommunications, media and financial technology. He earned his Bachelor Mathematics in Computer Science and Software Engineering from the University of Waterloo. In recognition of his achievements to date, he received the Ottawa-Gatineau’s Forty Under 40 Award in 2019.

james-ciesielski has 1 posts and counting.See all posts by james-ciesielski