Anyone who has important data and maintains it also needs to protect it. This means not just protection against natural catastrophes such as fire, flood, or power loss. Hacker attacks can also lead to total loss of your internal infrastructure and put entire companies out of commission. In its study “2016 Cost of Data Breach”, IBM determined that data losses lead on average to damages of 4 million dollars. Every data set that is lost thus costs an average of 158 dollars, which can quickly mean catastrophic consequences for small and large companies alike. A backup in the cloud helps to minimize the potential for data loss and cushions the blow of service losses. But which cloud solutions can really be considered secure? After all, the company’s sensitive data should not fall into the wrong hands right from the start.
With cloudplan, security is always at hand, even in the cloud. Credits: fotolia | © adam121
- The principle of online data storage
- What solutions are there for backup?
- How safe is cloud computing in general?
- How to recognise secure cloud services
To date, many companies rely on what is known as client-server architecture for their data storage. The company owns servers, which are located at a central point in a locked room. The files that employees work with every day, on a central or distributed basis, are stored on these servers. Typically there is one such structure at every location within the company, while the backup is managed at a central point. If a system failure occurs, for any reason whatsoever, the backup from the previous day is restored and any lost work must be made up wherever possible. If the backup is behind, then the loss of data may cover several days and cause significant economic damage. And that’s not even considering the case where the backup is defective or even non-existent. Fire, water damage, hacker attacks, or even internal spying can also cause massive problems.
What could be more obvious than to save data in the cloud? There, the problem of broken hard drives and lost data does not seem to exist. Any failures are automatically fixed because the data are saved not only on several hard drives and storage media, but also on machines that run independently of each other. The user doesn’t see any of this and can simply trust that the data will always be available. Only the failure of entire infrastructure nodes or critical Internet lines would result in the data not being accessible.
Sensitive data, at least, must be saved at various locations as much as possible. This necessity is nothing new, so most companies already have a backup solution in place that requires a greater or lesser amount of effort and different levels of security.
The simplest form: the briefcase backup
One very simple and practical form of securing data is the so-called briefcase backup. It is often used at small companies, in particular. Every evening, or in some cases just once a week, the data is saved to a hard drive that a trusted person then takes home. If something goes wrong with either the backup or the data at the company’s location, it will not affect both data sets, so data restoration is possible in principle.
The classic server backup
At larger companies, however, so-called (distributed) backup solutions are often used. These are a type of precursor to the cloud — the difference being that data is saved at several independent locations. Only in extremely rare cases will the different locations be hit by simultaneous natural catastrophes, or the like. A problem with this, however, just like with the briefcase backup, is that the classic data backup saves the data only at a certain point in time, not continuously. Performing the backup also uses up the available transfer bandwidth and the data itself may be more than a day or even a week old in the worst case.
Conventional server backups thus have several disadvantages at once:
- If the backup is unusable due to a defective data storage medium after a loss, then the data will be lost despite the fact that a backup was performed
- The backup is typically already a certain amount out of date when it is needed, so procedures need to be repeated and information is lost
- If there are inconsistencies between the backup locations, it can be very tedious to determine the right version of the data and to extract it from the backup
- Especially for time-critical systems, or if bookings or transactions are involved, for example, some data may no longer be captured after the fact, leading to downstream problems
- Regular backups tie up personnel resources and can consume a substantial amount of bandwidth in the local network or the Internet during the backup process, particularly for companies with several locations
- Restoring the data and repeating the work since the date of the failure wastes a lot of time and therefore money
Backup in the public cloud
To secure data inside and outside of the company, the use of a cloud is particularly attractive because the data is automatically saved and stored several times over. The use of a public cloud is also very simple. Once registration is complete, the required folder structure is set up and the system operators start to transfer company data to the cloud storage. Familiar providers of public cloud solutions are Microsoft (OneDrive), dropbox.com, and Google Drive. What sounds simple, however, can lead to problems in practice. Some documents may be modified when uploaded and are then no longer available in their original form. What is much more critical, however, is that it cannot be completely ruled out that your valuable company data may fall into the wrong hands, and/or put to further commercial use.
Backup in the private cloud
For backup in the private cloud, you first take care of the installation and setup of the necessary internal infrastructure. A cloud architecture is installed on the server side, which the employees’ computers will access later. You may install additional nodes at other locations, and the servers of the cloud synchronise the data with each other, so that the cloud is always up to date.
The essential properties of this type of cloud are:
- Depending on the solution, nearly any number of machines can access the data at any time and from anywhere in the world
- A typical prerequisite for a cloud connection, however, is a very stable Internet connection with high bandwidth and availability
- The data transmitted by you are not necessarily protected against access by third parties
- If the Internet connection between or to the cloud servers fails, no more synchronisation occurs and work may potentially not be able to proceed
Peer-to-peer backup in the private cloud
If you would like to have access to your data from every client in your company, 24 hours a day, cloudplan has the perfect offer for you. Your data can, for example, be encrypted and saved on a flexibly scalable cloud server from cloudplan. You also always have the ability to make the data available to all clients, around the clock, on a central server within your company. Anyone who is within your local network then reaps the benefits of substantially higher transfer speeds. And even if neither your server nor the node installed at cloudplan should ever been reachable, data can still be taken directly from the available clients. The available sources are selected automatically, so the clients in your cloud never even notice in most cases. You and your employees are thus protected several times over.
Cloudplan offers a secure cloud solution that is unaffected by a lost Internet connection and saves all data locally multiple times. Credits: cloudplan
Looking at data security in clouds in general, several potential security problems are evident:
The location question
Other countries often have other rules: while Germany and Europe place great emphasis on data protection, other countries have completely different laws and practices with respect to data protection. For example, US companies are not required to delete data, even if the person who initially uploaded the data requests it. The right to be forgotten does not, de facto, exist there. According to the upcoming 2018 data protection directive, the location of the (server) infrastructure will no longer be definitive for the applicable data protection directive. Instead, the location of the person who is accessing it (i.e., Germany in most cases) will be applied. The best thing is to go with a provider with local relations right from the start, so that you don't end up with problems in this area in the first place. If you have already uploaded some of your data to potentially less secure clouds, you should plan to switch over in the near future. Certainly you don’t want to have a solution in place that does not conform to applicable EU law.
Encryption of transfers without a VPN
Many providers, but certainly not all, transfer data in a secure manner. While conventional cloud solutions still use a VPN connection with a username and password, or even transfer the data unencrypted, modern providers use so-called end-to-end encryption. This ensures that data are encrypted on the sender side prior to transmission and are decrypted only after being received on the receiving side. A so-called “man in the middle” attack, where an unauthorised person tries to capture your data during transmission, is ineffective.
The principle of data sovereignty
If your company produces, manages, and processes data, of course you want to know and control who has access to it and where the data is stored. This is summarised by the term data sovereignty. While a private cloud, by definition, provides maximum data sovereignty and is operated within the company itself, it is generally not considered as failure-proof. It is also often less technically advanced than a public cloud and requires a lot of maintenance effort on the hardware and software sides. This problem has been investigated by the Mittelstand initiative, which determined that cloudplan has found an optimal solution here and developed it to be ready for market. Read more about the awarding of the Mittelstand 2017 innovation prize to the startup from Hamburg.
Encrypted transfers, encrypted storage, location in Germany, and full data sovereignty: for companies who work with cloudplan, data security is no longer a high-wire act. Credits: fotolia | © Sergey Nivens
The Private Cloud as a Service (PCaaS) as an optimal compromise
Against the backdrop of the advantages and disadvantages of public and private cloud systems, you should not rely on just one single technology. With the solution provided by cloudplan, the required data is normally saved on a server that belongs to the same network as the clients and is available 24 hours, either at your company or as a leased node at cloudplan. For larger individual data files, such as videos, raw data, or documents and folders with particularly high simultaneous access, the use of a dedicated server at your company on which cloudplan software is installed is recommended in any case. They not only provide the data locally at especially high speed, but also can be upgraded with respect to available storage capacity (more) easily. If the Internet connection between the locations fails or one or more servers fail, the data is nevertheless obtained from the machines that are still locally available and then saved locally as well. As soon as the Internet connection is restored, or a potential central node has been repaired, it is once again available as an additional information store and provides additional security. Your data thus not only remains intact all the time, it is also available much more quickly than if it would need to be access via the Internet. The line bandwidth that this saves is thus available for other tasks or can even be permanently reduced for cost savings.
The risk of hackers from inside or outside the country and potential natural damage to infrastructure make it clear that there is no absolute protection against the loss of individual technical systems, servers, or Internet lines. It is all the more critical that data retention in the company be secured in several ways. Every system—whether a conventional backup, public cloud, or dedicated cloud infrastructure—has its own strengths and weaknesses. For these reasons, and in order to obtain the best compromise of availability, redundancy, and data security, we recommend the use of an intelligent peer-to-peer cloud located at your company. With this solution, you can continue to sleep well at night and the good old backup briefcase can stay at the office.