Many companies move business data to a cloud-based platform expecting that their hosting provider is handling everything. However, organizations often miss that common services such as Google Workspace, Salesforce and Microsoft 365 come with limited backup baked in. In the fine print, these services recommend deploying additional solutions for backup and recovery of data put into their environment.
The limited coverage provided out of the box is often only found later by clients – when restores are limited in scope or duration when the original expectation was that their data was fully backed up.
Organizations understand the cost of lost information but not all are accurately reviewing their SaaS agreements to determine the depth of coverage in the build in services being utilized. It’s become common for IT to need to evaluate SaaS solutions with respect to backup design and implementation to ensure proper coverage of an organization’s data and intellectual assets and part of that process means a careful review of SaaS agreements.
Read the Fine Print
As an organization relying on SaaS or cloud-based platforms, it’s important to consider that the built-in protections afforded by the solution may not align with your organizational objectives and needs. It’s recommended that you review the terms and conditions (TOCs) with an eye towards what specifically is covered under any built-in data protections, how long data is recoverable for and under what circumstances/costs data may be retrieved. If these do not align with your organizational requirements/objectives, alternate backup options may need to be considered with respect to the solution at hand.
And remember, while the marketing speak may note that backup is included, the details need to be considered careful. Some solutions may only provide daily recovery points whereas others may capture backup more frequently.
Start by reviewing the TOCs for the solutions your organization uses to verify they meet the objectives, requirements and compliance needs of your organization. A failure to start here may mean a misalignment that could be costly.
Myth: Our email is backed up because it’s in the cloud
Truth: Most solutions such as Google Workspace and Microsoft 365 do indeed allow recovery for a window of time. But that recovery may not be sufficient and is generally limited in scope. Consider that many events may go undetected for weeks or months before data loss is even noticed by staff. The less than 30-day window to retrieve data that may exist for some forms of data in these platforms is usually insufficient. Many vendors even encourage additional backup beyond the base capabilities to ensure a more comprehensive plan is in place for data.
Myth: I don’t need to worry about ransomware in the cloud
Truth: Cloud solutions are generally not immune to ransomware. Data can be deleted or encrypted prior to triggering protections that may exist in SaaS solutions that try to limit the impact of such events. Backup is the most important defense with respect to recovering from a security incident such as ransomware.
A well-designed system for backup ensures your organization can bring operations back online and recover valuable information that may be damaged. Should a ransomware event occur, backups are what ultimately will be the difference between your organizations ability to recover to how things were compared with having to rebuild what was damaged from scratch.
Backups require testing
An untested backup is hardly a backup. In fact, you only know your backup works the moment you test it. While testing ensures comfort in a backup process and solution, only regular testing can provide the level of comfort and reliability organizational leaders expect from their backup solutions.
As part of our services, we regularly monitor and test backups. The mixture ensures both known failures are captured as well as unknown issues are uncovered as testing helps spot check blind spots in the backup process.
Tackling the Issue with IT
Most organizations require cloud-based services and applications. If you fall into this camp, it’s important to ensure your organization has a comprehensive plan in place for backing up your cloud assets and restoring operations should a failure arise. If you’re at all unsure of your position, we recommend working with an IT service provider like us to create a plan that is tailored specifically to your organiation’s needs.
We help design and implement solutions that help our customers navigate their specific needs and requirements with respect to cloud backup. Check out this infographic that covers your backup responsibilities in cloud.