Data Protection In the Cloud

One of the questions I get from time to time is, can I store my data in the cloud? At the NEVMUG, this came up once more. There is currently a lot of uncertainty about cloud storage, specifically when it comes to critical and highly regulated data. Where should I store my data, dovetails nicely with discussions of going to the cloud as well as data protection is a key component of such a migration.

There is a process to determine where you can store your data, and whether or not an organization can push their data and development environment to the cloud. It is not about the technology, which makes all this possible, but about your organizations policies, procedures, perceived levels of risk (whether based in reality or unknowing), and the level of regulatory compliance within your business.  From a Technical perspective it is possible to make use of the cloud today, but there is a fair amount of due diligence still required to make use of the cloud a reality.  So what is this due diligence?

  • Review the organizations current regulatory compliance policies and procedures, you may need to find a cloud provider that can meet these requirements
  • Review the organizations current data protection policies and procedures as these often have regulatory and security policies as well
  • Review the organizations current development practices as the developers may be using data for testing that requires regulatory compliance
  • Review the organizations current data classification policies and procedures as these often dictate where data can live

So once you review all these documents, practices, policies, and most likely many more, it is time to look at cloud providers. But not before you do your due diligence.  The key is to develop a list of the key components of your possible deployment into the cloud. This list is a set of questions about your requirements you can ask or send to cloud providers. If there are clouds that meet all your requirements, it is time to decide how to move to the cloud.

Moving to the cloud is all about data movement, where does data live within the cloud of your choice and how you can protect that data once it is in the cloud. Data protection has to be a key component of any movement to the cloud and how data protection will be done should be a part of any design or migration plan into the cloud. There are some key data protection methods to consider:

  • Use the mechanisms already built-in to the cloud, such as Salesforce’s data backup tools and more traditional tools such as Veeam, Quest vRanger, Symantec Net Backup, etc. (that list is pretty endless). However, can you easily get to the backups?
  • Use mechanisms you can bolt onto your cloud instance, but this often depends on the type of cloud. For PaaS and IaaS, you can add your own agents and tools to provide data protection. For SaaS, you will have to fall back on other mechanisms.
  • Use mechanisms that work on ingress and egress to the cloud. In other words, provide data replication and backup as data enters and leaves the cloud to your local data center.

It is also important understand the importance of your data, as well as what is actually part of your data set within the cloud. Let us take development workloads, which are often considered to be placed within the cloud. Development workloads often contain production data sets as these are the data sets that are required to develop software, but also because this is the data required to fix problems and as such this data may fall under regulatory compliance, classification levels, and other policy, procedure, and practices.

The key is, that while it is technically feasible to move to a cloud instance for many workloads, it may not be in your organizations best interests to do so without thinking through the implications of such moves from not only a compliance view but from a data protection point of view. This view includes not only backup and restoration, but retrieval of any backups if the cloud has issues so that you can recreate your cloud instance on your own hardware.

Posted in Data Protection, SDDC & Hybrid CloudTagged , , , ,