Should You Backup Locally, to the Cloud or Both?

By John Bedrick, guest blogger, Seagate, CSS

There’s been a lot of attention lately about the cloud and if you should trust your data in the cloud or not. Whether you agree with him or not and whether you want to admit it or not Edward Snowden has changed the data security dialogue within company IT departments forever. Despite the existence of data privacy laws and regulations it isn’t just about hackers and malware gaining access to confidential information but governments (both foreign and domestic) stealing data as well.

cloud-trustLet’s face facts – most of us already suspected that government agencies like the NSA had access to our data. The only thing we weren’t sure of is whether it occurred through some back room deal with technology companies or through other, more clandestine methods. Snowden’s actions not only confirmed these suspicions but provided much more information about the extent to which government agencies can access the world’s data with relative impunity.

So what does the above have to do with my Blog’s title?
I’m glad you asked. In two words, it’s about “Data Protection“. Backup and Recovery is a subset under the larger umbrella of data protection. Where and how your data is backed up is of critical importance in this day and age of government hacks and data privacy laws.

What Snowden exposed has many organizations very concerned.

In particular are revelations, about the NSA and other government agencies that decisions are being made with regards to the location of the stored data staying exclusively on a company’s premise or not as well as if it should ever leave the country of origin or even how it should be stored.

But the response about how best to proceed is mixed. Some companies have determined that only its own IT departments should be trusted with the protection of company data and that it should be stored on premise, at a company facility. Others choose to trust cloud providers with their data but only if it remains within the country of origin.  Meanwhile other companies use a hybrid approach (on premise + cloud) to storing its backup data.

Note: Companies doing business in any European countries, with membership in the European Union, must retain their customer’s data within the country of origin – based on the EU 1998 Data Protection Act.

So which method is right?

All of them – that’s right, all of them.
When it comes to safely backing up and storing data the company’s ability to make its own choice about which data protection model is right for them should be the utmost concern.

  1. For those choosing to work with a vendor, the prime consideration should be to seek those offering flexible choices without sacrificing anything from a legal or technology standpoint. If, for instance, a data protection / backup and recovery vendor utilizes a purpose-built backup appliance (PBBA) to securely store backups on-premises then the user’s IT department can oversee and manage all of the access points into and out of those appliances.
  2. On the other hand, if you chose to utilize a cloud offering from your data protection / backup and recovery vendor, then you will want to make sure that the data is protected from the initial source, while it is in transit and while it is at rest in the cloud (your vendor’s data center). One of the best ways to ensure that company data is protected end-to-end is via encryption. The current state-of-the-art for an encryption cipher is: the Advanced Encryption Standard (AES) with at least a 128bit encryption key and ideally double that to a 256bit encryption key.
  3. Still another approach is the hybrid model where companies securely backup and store data both on premises and in the cloud (via private company cloud or in a vendor’s cloud). There are many advantages to the hybrid or cloud-connected™ approach. One in particular – redundancy – ensures that company data is replicated to another data center site and perhaps even in another country (often referred to as geo-redundancy).

Note: No matter what method a company chooses it is a best practice to encrypt all company backup data whether stored in the cloud or not; many international government bodies have legislation requiring companies to do this.

Picking a data protection / backup and recovery vendor that allows companies a choice in which model will work best for them not only provides the flexibility today but, should needs change, it can be quickly adapted (by switching models).

For more information about TierPoint and EVault backup and recovery solutions, please click here: