EDITOR ’ S QUESTION
JON TOOR , CMO , CLOUDIAN
A common pitfall we see is organizations relying solely on their cloud provider for security and data protection . In fact , ESG Senior Analyst Christophe Bertrand recently stated that 35 % of organizations using Software-as-a-Service ( SaaS ) completely abdicate their data backup and recovery responsibilities to SaaS vendors . What they fail to realize is that many SaaS providers don ’ t actually provide full data protection .
For example , Microsoft Office 365 offers georedundancy , which protects data from site or device failure , but this does not constitute a true data backup . If data is accidentally deleted or maliciously attacked , Microsoft 365 offers limited recovery options .
While it does provide basic recycling bin capabilities , Microsoft 365 only stores deleted files for a limited period . Beyond that time frame , the data is permanently deleted . Worse , if a user is accidentally deleted from Microsoft 365 , his / her data is erased entirely from the entire Microsoft 365 network .
All of this highlights the need for organizations to take greater responsibility for safeguarding their data , particularly with the proliferation of ransomware attacks over the last two years . This means ensuring their cloud provider has comprehensive security measures in place or adopting a hybrid cloud strategy in which such measures are applied on-premises in their own data center .
Regardless of where they ’ re deployed , these measures should include traditional defenses such as anti-malware software and anti-phishing training . However , because these defenses often fall short – in a recent survey we sponsored , 49 % of ransomware victims had perimeter defenses in place and 54 % had conducted anti-phishing training – organizations must also protect data at the storage layer .
This means encrypting data both in flight and at rest to keep cybercriminals from reading it or making it public in any intelligible form . In addition , organizations should have an immutable ( unchangeable ) backup copy of their data . Immutability prevents such criminals from altering or deleting the data and ensures the ability to recover the uninfected backup copy in the event of a ransomware attack , without having to pay ransom .
Whatever your cloud-based application may be , maintaining a copy of your data on-prem gives you recourse in the event that something goes wrong . Whether it is a data corruption issue , service interruption or hacker encryption , having an on-prem copy of your data gives you options .
Furthermore , it gives you full control over the management policies , retention of deleted data and immutability settings .
Data is the life blood of any organization . Think of the cloud as yet another IT resource , not an infallible entity , and then act accordingly .
Whatever your cloud-based application may be , maintaining a copy of your data on-prem gives you recourse in the event that something goes wrong .
www . intelligentcio . com INTELLIGENTCIO NORTH AMERICA 33