As the move to the cloud continues, one nagging question remains. Should there be an independent backup of cloud resources? The answer is YES for a number of reasons.
Although it doesn’t happen often, there is a chance that the cloud service provider being used goes out of business. This shouldn’t be a concern if the cloud company is Microsoft or Amazon, but it should be a concern if it is a local Internet Service Provider, web hosting company or a vertical application hosting company. Several times a year we get panic filled calls from clients who just received notice that their service provider is closing their doors. On several occasions the client found out when they could no longer access their web site or data. Microsoft is famous for ending services or technology and leaving the clients hanging. There is a risk associated with the cloud service provider ending business operations or suspending services being used. Having backups reduces this risk.
Another reason for having independent backups of cloud resources is to provide recovery points farther back in time. While Microsoft doesn’t document the Office 365 retention policy, it is generally accepted that they will retain two weeks of data. Although Microsoft keeps the data, the recovery is restricted to the recovery options built into the applications, like the recovery of deleted files in Outlook. Microsoft does have various backup methodologies built into the Azure cloud, so it is possible to backup Microsoft hosted cloud services to other Microsoft cloud infrastructure. At Amazon you are not so lucky. Amazon does not backup ANYTHING. If a company has a server hosted at Amazon and the server crashes, unless it is backed up to some other resource, everything is lost. Lack of any backup is part of Amazon’s marketing plan that encourages clients to buy more Amazon resources for redundancy and backups – a brilliant marketing plan! There is a risk associate with the backup policies of the cloud service provider. Before moving to a cloud resource, a company needs to fully understand this risk.
Other data retention issues may be important to regulated entities and government agencies. Most regulated entities and government agencies have data retention requirements that range between 7 to 10 years. These long data retention periods are seldom met by cloud hosting companies. In these cases, an independent third-party backup would be a requirement.
The method for restoring data should also be clearly understood before a restore is necessary. Here are some questions that should be addressed by the cloud service provider:
- Can individual files, folders, or mail boxes be recovered?
- In database restoration, does the whole database need to be recovered or can individual records be recovered?
- Can a full volume be recovered?
- Does the recovery require booting up a full working image of the resource to recover the desired data?
There has been an explosion of new services becoming available to backup cloud resources. Industry best practices dictate that backups should be made to independent third-party backup locations that use different software, storage and infrastructure so that a catastrophic failure at the primary hosting location will not affect the backups and the ability to recover. The independent backup location should be coupled with an ability to either directly or indirectly support a recovery if there's a catastrophic failure with the primary cloud host. DeckerWright can assist in building a cost effective backup of a company’s cloud resources.
Click HERE for more information on Office 365 data retention - see section 6.