Wow, it seems really exciting for businesses to minimize their technology footprint when they go from on premise applications and servers to the cloud. No more hardware to support and because the cloud provider has backups, that too is no longer a worry – right? Unfortunately, that is very wrong!
Most cloud providers protect the data stored for their own failures not for yours. They do this to ensure that all client data can be recovered consistently. Your issues will often be very different or unique!
Consider this when moving to the cloud:
- How long does the provider keep your company email?
- Common answer is 3 months for most cloud providers to recover all messages, they often do not provide a service to recover one employee mailbox or will charge for that service.
- If an employee leaves the company, after 3 months their mail/mailbox is gone. One non-profit didn’t realize that considerable financial history was in an ex-employees email until 6 months had passed. No options but try to recreate what they needed which took hours & hours.
- Can you get access to some files that had not been used for a year and perhaps were deleted?
- Most often the provider does not have a service to get back individual files, and like email if more than 3 months have passed they may be gone.
- Some providers are not willing to do this for you, or will charge you a great deal for the service. Know your options when you sign up!
- We just discovered someone on the team inadvertently deleted some major accounts from our system last week. Can we recover them?
- The answer will probably be yes, but…the vendor will most likely be able to restore a full copy of the database. However, any new work that went on since the deletion will have to be redone because the copy they replace was as of the last point in time. You could be looking at hours of rework to bring everything back to current. Your other option is to try to recreate the missing information which will also take time.
- Is my information secured from vulnerabilities introduced by other clients?
- When many organizations share the same infrastructure, often referred to as multi-tenancy, be sure you get a clear understanding of what your risk may be if another company introduces a threat.
- Know who and how your users will be managed, timeliness may be more critical now.
- Have very clear responsibility for user management. Strong authentication, perhaps even 2-factor authentication should be in place especially if dealing with PCI, HIPAA, or critical financial information.
- Strong and frequently changed passwords are imperative. Be sure rules are in place to force changes, 90 days is recommended.
- When people leave a company whether voluntarily or involuntarily, ensuring that accounts are turned off immediately is crucial. In the days of in-house services, disabling network access protected the company. Remember with the cloud, you don’t have to be in the office to access cloud applications, and an unhappy ex-employee could wreak havoc on your data and systems by walking next door to a coffee shop and logging in via a laptop or other mobile device.
While all of this may seem frightening, it doesn’t have to be. When your business had servers in house, you had a backup strategy in place with good access/security practices, right? A backup strategy doesn’t change when you go to the cloud, while someone else is managing your application and infrastructure, you still have to manage a backup solution and access to your systems. There are some really good cloud to cloud backup solutions, if you are unsure about what to do, we are happy to help you make a solid decision for your business.