Local backup your cloud data?

Does anybody make local backups of their data that is normally stored in the cloud?

One of the big selling points of cloud storage is that you don’t have to do backups, because the hosting company already does it. And while I’d assume the vast majority (if not virtually all of them) have better backup systems than I could ever do, is it being too paranoid to regularly back up any data stored in “the cloud” to an on-premises archive?

And I’m not just talking about the ERP databases and support files. Should I be backing up my personal MS OneDrive, Google Sync & Backup, etc…?

One might say that those programs that mirror your data (leaving a local copy on your device) have the data in two places. But if someone were to gain access to your cloud account, deleting files from the cloud would also delete them from your local storage - as the programs most often just try to sync. If I delete the file on my local machine, the cloud is updated and the file is also deleted from the cloud storage - and vice versa.

A lot to unpack here but an excellent question.

Let’s go with you CAN farm out your backups - you still need them of course. With the cloud services (Azure, AWS, GCP, etc.), they have the backup products to keep multiple copies around the world and to do restores.

Let’s take this to a higher level view and assume we’re talking about businesses and not personal files. I think we are conditioned to throw all of our files onto a shared drive because we were raised on file servers. Are all documents equal? Do they contain sensitive data like Personally Identifiable Information? Personal Health Information? Trade Secrets? Credit Card Info? Business Plans? What are their retention policies? Sometimes saving everything forever can become a liability. When you make a local backup, you must be prepared to physically secure the backup, encrypt it, and check it periodically to make sure the media can be restored if needed.

With the cloud, there are many, many more choices for file storage depending on the answers above.

OneDrive/SharePoint
OneDrive for Business is SharePoint under the hood. With SharePoint, you can easily tag documents with sensitivity. In fact, there’s a new product that searches through your documents for sensitive data (Government IDs, Credit Cards, Healthcare information, etc.) and tags it for you. Also with SharePoint:

  • Documents can be versioned and restored to a previous version. You know WHO made any changes by version. Online editing is a breeze unlike file shares.
  • There is a recycle bin. If you accidentally delete a file, you can recover it for a number of days. After that, it goes to another recycle bin for a total of 3 months and your admin can restore it.
  • Documents can be shared within and out of the organization with little involvement from IT (other than policy of course!). Sharing can expire and the sharer knows when and who has opened the document.
  • You can prevent a file from being emailed, printed, screenshot, or downloaded (but not protect from photographing the screen…)
  • Files can be sync’d locally or pulled “on-demand”. Syncing is now incremental so large files sync quicker. (Caution with sync. If you don’t use On-Demand and you start to run out of local disk and you delete files, you will delete them on SharePoint! It’s recoverable as mentioned above but a PITA nonetheless.)
  • Is essentially free with your M365 subscription

Azure Files
For those who can’t live without a file server, it’s the most expensive option and has a few more features than a local file share. Can sync but doesn’t have the other SharePoint features. Still requires IT to set up and maintain security.

Blob Storage
Both Microsoft and AWS have very inexpensive blob storage. It can be immutable. It’s optimized for further processing services (Data Lakes, ML, …). It’s not accessible from SMB, a favorite tool of viruses that ravage local networks and leak data. Depending on retrieval speed, it can be very inexpensive. Could be a good candidate for backing up personal files too.

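Two points from the posts above, that a sync client replicates deletions and that a local backup has to be checked periodically, shown as an added example that is not part of any post in this thread. The function names, the snapshot layout and `manifest.json` are hypothetical, and it assumes the synced folder holds full local copies rather than On-Demand placeholders.

```python
import hashlib, json, shutil, tempfile
from pathlib import Path

def sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(source, archive_root, label):
    """Copy `source` into a new snapshot directory and record a hash manifest."""
    source, dest = Path(source), Path(archive_root) / label
    (dest / "data").mkdir(parents=True)  # raises if the snapshot already exists
    manifest = {}
    for f in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = f.relative_to(source).as_posix()
        target = dest / "data" / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(f, target)
        manifest[rel] = sha256(f)  # hash of the source; verify() checks the copy
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return dest

def verify(snapshot_dir):
    """Re-hash a snapshot and return {relative_path: "missing" | "corrupt"}."""
    snapshot_dir = Path(snapshot_dir)
    manifest = json.loads((snapshot_dir / "manifest.json").read_text())
    problems = {}
    for rel, digest in manifest.items():
        f = snapshot_dir / "data" / rel
        if not f.is_file():
            problems[rel] = "missing"
        elif sha256(f) != digest:
            problems[rel] = "corrupt"
    return problems

def demo():
    """Constructed sample: a delete in the synced folder never reaches the snapshot."""
    with tempfile.TemporaryDirectory() as tmp:
        synced = Path(tmp, "synced")
        synced.mkdir()
        (synced / "plan.txt").write_text("constructed sample A")
        (synced / "notes.txt").write_text("constructed sample B")
        snap = snapshot(synced, Path(tmp, "archive"), "snap-1")
        (synced / "plan.txt").unlink()  # the delete a sync client would replicate
        kept = (snap / "data" / "plan.txt").is_file()
        clean = verify(snap)
        (snap / "data" / "notes.txt").write_text("damaged")  # simulate bad media
        return kept, clean, verify(snap)
```

Because each run writes a new snapshot directory and never mirrors deletions, a file removed from the cloud account stays in every earlier snapshot; running `verify()` on a schedule is the periodic restore check.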

I wasn’t concerned about accessing the data with any regularity or special needs. Just trying to imagine some scenario where the hosting company has a major F-up, is attacked, or even some sort of physical/natural disaster. Or is purchased or controlled by a foreign company that decides to terminate service with no warning.

Side question … If an international conflict on the scale of WW2 broke out, would the US government compel Amazon to cease providing services to an enemy state? How about Twitter and Facebook?

Also …

What if I open a remote desktop to another computer, and view the doc on the remote computer. Could I do a screenshot of my local computer, capturing the window containing the “secured” document? Like in the following, where the red box shows the remote computer’s desktop.

You are absolutely right in thinking about business continuity issues…across the board. What would you do if the company data center experienced some physical/natural disaster? I don’t think the cloud relieves you of this planning. Heck, Azure AD was down for a few hours a couple of weeks ago. What should people do if they can’t log in???

I wasn’t going to put screenshot in the list but I did because it is enforced on mobile devices. The point isn’t about 100% prevention but to slow theft down.

Insider risks are tough. With M365, you can do some risk assessments (machine learning) to see that a person is downloading more than usual or in a Document Library that they are not usually in. While you cannot prevent all risks, you have far more tools to use in the cloud than you will on prem - at the minimum, you’ll need the cloud tools to help protect your on prem resources.

If you use Windows Virtual Desktop, Microsoft recently announced the ability to prevent the RDP screenshot. Not sure about other RDP hosts though…