How safe is “the cloud” when it comes to securing valuable corporate data? Recent incidents have made it clear that even the most reputable cloud computing services are not immune to mishaps, facing risks ranging from data center fires to misconfigurations and cyberattacks. This makes it increasingly important for companies to rethink their data management strategies, especially those focused on cloud-based storage.
Mismanagement of data in the cloud
In May 2024, an Australian financial services company had its Google Cloud account deleted due to a misconfiguration, leaving over half a million customers without access to their financial data for a week. Similarly, a ransomware attack on Finland-based cloud service provider Tietoevry affected private companies, universities, and government agencies across Sweden, demonstrating that vulnerabilities in the cloud exist on multiple fronts.
These examples illustrate, among other things, that data stored in the cloud is susceptible to risks similar to those that apply to locally stored data. After all, “the cloud” is essentially servers housed in data centers that are just as vulnerable to physical and cyber threats as any other IT infrastructure.
Co-founder and CISO, Cyber Upgrade.
An evolving regulatory landscape
The stakes for good data management are higher than ever, as data loss can lead to costly business disruptions and serious reputational damage. In addition, regulators are now enforcing stricter measures on data processing and digital infrastructure. For example, the Digital Operational Resilience Act (DORA) aims to ensure that financial entities in the European Union are prepared to effectively mitigate cyber risks. Similarly, the Network and Information Systems Directive (NIS2) seeks to improve cybersecurity in sectors that are crucial to the European economy, such as energy, transportation and healthcare.
These regulatory frameworks, and the penalties they impose for non-compliance, are forcing businesses to rethink their current data management strategies. Relying solely on third-party cloud storage solutions without implementing strong internal controls can lead to violations, resulting in significant fines and loss of customer confidence. Implementing a robust data backup strategy that complies with these regulations is no longer optional, but a necessity.
Concrete steps for zero trust data backup
A strong backup strategy should protect businesses not only from data loss due to data center outages, but also from other threats such as ransomware and cross-site scripting attacks.
A comprehensive data management plan should include retaining backups older than six months to ensure that historical data and log files are available when needed for forensic purposes. At the same time, companies should ensure incremental data security by using a combination of basic backups, Write Ahead Log (WAL) backups, full system snapshots, and full data dumps. Because individual backups can be vulnerable to local cyber attacks or fires, it is essential to store identical backups in different geographic locations, ideally at least 25 miles apart.
But even these measures may not be enough without additional layers of internal security. All backups should be encrypted to ensure data integrity and confidentiality, and access to backups should be restricted to limited, authorized personnel. Additionally, a log of all backup instances should be maintained for tracking and audit purposes.
Periodic evaluations are also critical. Backup processes should be verified monthly to ensure they are reliable and consistent, and a full recovery test should be performed at least annually to validate the effectiveness of the backup strategy. In addition, realistic disaster recovery scenarios should be simulated annually to identify potential gaps in the backup plan.
By implementing these controls, companies can better protect their data assets, comply with stringent regulations, and ensure operational resilience against increasing cyber threats. Ultimately, achieving true data security means trusting no one while implementing strict and uncompromising internal controls.
We provide an overview of the best cloud optimization services.
This article was produced as part of Ny BreakingPro’s Expert Insights channel, where we showcase the best and brightest minds in the technology sector today. The views expressed here are those of the author and do not necessarily represent those of Ny BreakingPro or Future plc. If you’re interested in contributing, you can read more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro