When it comes to protecting valuable business data, how secure is “the cloud”? Recent incidents have made it clear that even the most reputable cloud computing services are not immune to setbacks, facing risks ranging from data center fires to misconfigurations and cyber attacks, making it increasingly vital for companies to rethink their data management strategies, especially those focused on the cloud. -based storage.
Poor data management in the cloud
In May 2024, an Australian financial services provider had its Google Cloud account taken down due to misconfiguration. This resulted in over half a million customers losing access to their financial data for a week. Similarly, a ransomware attack against Finland-based cloud services provider Tietoevry affected private companies, universities, and government authorities across Sweden, proving that cloud vulnerabilities exist on multiple fronts.
These examples, among others, illustrate that data stored in the cloud is susceptible to risks comparable to those affecting data stored locally. After all, “the cloud” is really nothing more than servers housed in data centers, which are as vulnerable to physical and cyber threats as any other IT infrastructure.
Co-founder and CISO of Cyber Upgrade.
An evolving regulatory landscape
The stakes of proper data management are higher than ever, given that data loss can lead to costly business disruptions and serious reputational damage. In addition, regulatory authorities are now enforcing stricter measures on data handling and digital infrastructure. The Digital Operational Resilience Act (DORA), for example, aims to ensure that financial institutions in the European Union are prepared to mitigate cyber risks effectively. Similarly, the Directive on Network and Information Systems (NIS2) seeks to improve cybersecurity in sectors critical to the European economy, such as energy, transport and healthcare.
These regulatory frameworks and the penalties they impose in case of non-compliance make it imperative for businesses to reconsider their current data management strategies. Relying solely on third-party cloud storage solutions without implementing rigorous internal controls can lead to breaches, resulting in significant penalties and loss of customer trust. Implementing a robust data backup strategy that complies with these regulations is no longer an option, but a necessity.
Concrete steps for zero-trust data backup
A solid backup strategy should protect businesses not only from data loss due to data center outages, but also from other threats such as ransomware and cross-site scripting attacks.
A comprehensive data management plan should include retaining backups older than six months to ensure that historical data and records are available when needed for forensic purposes. At the same time, enterprises should ensure incremental data security by using a combination of baseline backups, write-ahead log (WAL) backups, full system snapshots, and full data dumps. Because individual backups can be vulnerable to cyberattacks or localized fires, it is essential to store identical backups in different geographic locations, ideally at least 40 kilometers apart.
However, even these measures may not be sufficient without additional layers of internal security. All backups should be encrypted to ensure data integrity and confidentiality, and access to backups should be restricted to limited, authorized personnel only. Additionally, a record of all backups should be maintained for tracking and auditing purposes.
Regular assessments are also crucial. Backup processes should be checked monthly to ensure they are reliable and consistent, and a full recovery test should be performed at least once a year to validate the effectiveness of the backup strategy. Additionally, realistic disaster recovery scenarios should be simulated annually to identify potential gaps in the backup plan.
By implementing these controls, companies can better protect their data assets, comply with strict regulations, and ensure operational resilience in the face of increasing cyber threats. Ultimately, achieving true data security means trusting no one while implementing rigorous and uncompromising internal controls.
We list the best cloud optimization service.
This article was produced as part of TechRadarPro's Expert Insights channel, where we showcase the brightest and brightest minds in the tech industry today. The views expressed here are those of the author, and not necessarily those of TechRadarPro or Future plc. If you're interested in contributing, find out more here:
