Lack of cloud backups poses a 'real problem' for data protection, expert says

TU IS/Getty Images

Kirsten Errick By Kirsten Errick,
Staff Reporter, Nextgov

By Kirsten Errick

|

A Veeam report found that a third of IT leaders did not think their cloud data needed to be backed up for security.

As the government and other organizations are increasingly moving to cloud environments, efforts must be taken to ensure the safety of data in these environments, according to Veeam’s Cloud Protection Trends Report 2023

The report, released earlier this year, examines four cloud protection pillars: infrastructure as a service, platform as a service, software as a service and backup and disaster recovery as a service. The report surveyed 1,700 IT leaders in the fall and found that 98% of organizations are using some form of cloud capability. 

According to the report, 34% of respondents think their cloud-hosted files are durable or do not need to be backed up and 15% believe their cloud-hosted databases are durable or do not need to be backed up. However, a lack of backups can pose problems for an organization when it comes to cyber attacks on their cloud-hosted data. According to the report, 59% of respondents have cloud-hosted files and 79% of their cloud-hosted databases are backed up. 

“That is a real problem because—when we ask in data protection trends, ‘what was the cause of the most significant outage that you had in the last year?’—cyberattacks are consistently the most significant cause of outages,” said Jeff Reichard, Veeam’s vice president of solution strategy. “And other causes of outages are things like overwrites, accidental deletion, accidental corruption in that report. So, if you’re not protecting resources that you’ve got on a public cloud—whether it’s file shares, whether it’s database as a service, whatever—those things are entirely vulnerable to an administrator making a mistake and accidentally losing data, or misconfigured or overwriting data.”

Additionally, in reference to Veeam’s November 2022 ransomware report, Reichard noted that organizations tend to encrypt their cloud-based data after experiencing a ransomware or malware attack. 

“Backup is important because the native resiliency of cloud resources cannot let you turn back the clock the way that backup can and that turning back the clock is very important for legal matters,” such as for legal discovery requests, Freedom of Information Act requests or a security inquiry, according to Reichard.   

He added that backups are also important in case of a malware attack and in supporting data as a zero trust pillar. 

“If I’m already breached, if my adversary has escalated credentials, how can I make sure that I can continue the mission, even if they do set off an attack?” Reichard said. “And secure backup is really the last line of defense for making sure that you can do that.”

However, in comparison to last year, cloud protection is improving, Reichard said. 

“What we’re seeing is an uptick in folks that are using backup or disaster recovery as a service compared to previous years,” he explained. “But we are seeing a continuation of using storage resources in the cloud and an uptake of using more advanced as a service resources for backup in the cloud. This year, as an example, disaster recovery as a service, we had 49% of respondents saying that they’re using [a] DRaaS solution, which is up from last year, and we expect those lines to continue as well.”

The report also found that two-thirds of backups of cloud-based workloads are performed by backup teams and one-third are performed by cloud administrators. 

“The reason why that is good news is that typically the folks who have traditionally done backup of on-prem resources are more aware of what the organization’s long term retention mandates are and disaster recovery requirements are. And so the fact that the folks who have been protecting data are getting more dialed into protecting cloud-based data is enormously good news for the security of that data,” Reichard said.

However, according to the report, a large number of organizations are returning their cloud-based data back to on-premises—known as data repatriation—mainly for two reasons: cost and workflow challenges. Specifically, the report found that only one out of eight organizations did not repatriate cloud workloads back to datacenters. Additionally, 88% of organizations returned their workloads to their datacenter because of “disaster recovery failback, staging versus production, or reconciliation that the cloud was not optimum for that workload.” 

The report stated that an organization's data protection strategy must include: backing up cloud-hosted workloads when they are brought into a cloud environment, as well as helping to migrate from cloud to datacenter or another cloud alternative.

“What I hear repeatedly is that cost containment is a major problem,” he said. “The other cause that I hear from federal customers for repatriating data is just unexpected connection of workloads with other workloads, basically, performance based on how often databases, for example, are being hit and from how many different locations.” 

Reichard stated that there are several mistakes that agencies can make in regards to cloud protection. 

“When we look at the mistakes that federal agencies make, one of them is basically not backing up cloud-based workloads. Not being aware that cloud-based workloads are just as vulnerable to misconfigurations or to deliberate cyberattack as on-prem workloads are,” he said. ”The opportunity for them is to think about backing that stuff up and thinking about what their long-term retention requirements are.”

NEXT STORY: GSA announces $14.6 million in CX-focused TMF awards

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.