Business Continuity by Data Recovery – How the Cloud Helps Secure your Business Data
In 1906, San Francisco was shattered by a large earthquake. After this catastrophic event, Amadeo Giannini, founder of the Bank of America, was one of the first to think about how his bank could continue doing business. He rescued all funds from his bank, shortly after the earthquake occurred, and started lending the funds to his customers a few days after the disaster. This measure gave him an enormous economic advantage over other banks that were unable to restore their business processes due to the destruction of their premises. Giannini’s plan turned out to be an excellent continuity strategy.
Today, business continuity and disaster recovery strategies are integral factors in most companies around the globe – or at least they should be. The modern equivalent of retrieving an early 20th century bank's funds after an destructive earthquake would be something like a corporation salvaging their data after a ransomware attack – that data is just as crucial for today's businesses. Therefore, we want to provide you with a guide for setting up a business continuity strategy and disaster recovery plan for the data of your company.
Table of Contents
- What is Business Continuity Management?
- Why is Business Continuity Management Important?
- Data Storage as a Part of BCM
- What Risks Need to Be Considered in a Cloud Backup Strategy?
- Encrypted Backups for the Secure Integration of the Cloud Into the Corporate IT Infrastructure
What is Business Continuity Management?
Business Continuity Management (BCM) refers to a framework of analyses and contingency plans. These support the correct decision-making in the event of an emergency.
A company's exposure to internal and external disasters is assessed through analysis. Threat scenarios are designed.
The potential threat scenarios are used to derive contingency plans necessary to resume critical business processes.
The goal is to restore all business processes as quickly as possible. BCM develops effective response options to crisis.
Such events can be of physical nature (e.g. an earthquake), or of digital nature (e.g. a data breach). Business Continuity Management and Disaster Recovery are two critical components of disaster recovery of business processes and strategic planning of business response to risks that may result in business process failure, respectively.
Why is Business Continuity Management Important?
As described in the example of the Bank of America, a plan to continue business after a threatening event can ensure the survival of a company, or even put it in an advantageous position against its competitors. Therefore, business continuity management is an important management discipline for every company seeking to sustain its business ability.
And while business continuity management remains a vast area of research and best practices, the focus remains on the data storage aspect. We show how businesses can prevent data loss and ensure their files are securely stored and reliably available in the event of an emergency.
Data Storage as a Part of BCM
In order to restore a backup in the event of an emergency, it must be stored at a different location than the production data. Other location is meant quite literally, as the data must be far enough away so that it is still available at the main site even in the event of a fire or earthquake. A backup server in the basement of the company building does not meet this requirement.
The second site is usually equipped with core systems and applications. Important to note: Data of a company are duplicated and (sometimes in a less comprehensive amount) stored here.
Managing duplicate applications and backup copies reliably in a different location is almost impossible to implement in practice, especially for smaller companies.
The main challenge of a continuity plan regarding data is the sheer workload that companies must undertake to prevent data loss:
- Building a (backup) data center
- Setting up and maintaining the networks and systems
- Maintaining data cycles for the generation of backups
Some core processes require specialized hardware, and since a malfunction of these processes would have exceptionally serious consequences, such hardware also needs to be backed up by duplicate copies, as well as properly maintained.
The solution: Most of these functions can be covered by a hybrid cloud infrastructure.
Cloud services are gaining importance for companies' backup strategies, partly because they are almost independent of the hardware. Virtualization software enables simplified backups of data, applications and entire operating systems to servers in other locations. Combined with increasing bandwidth for uploads and downloads, the cloud therefore enables reliable and fast recovery of data should a data loss occur, whatever the cause.
What Risks Need to Be Considered in a Cloud Backup Strategy?
After listing all these benefits of the cloud when it comes to disaster recovery of data, you might think that all companies are moving their data to the cloud and adapting their backup strategy, making the cloud an integral part of the business continuity plan. In reality, many companies are very hesitant to do this. Why? They have some reservations: To them, the cloud is not secure enough for sensitive corporate data.
Although the cloud is a great solution for securing data in decentralized locations, many are skeptical for this very reason: Is there a risk of losing control of the data once it is uploaded to the cloud?
There are several points of potential loss of control.
The Encryption Key Lies With the Cloud Provider
The data stored at a cloud is usually encrypted by the provider. At rest and during transmission. So far so good – but this method of encryption puts the provider in a position, that the company using this service does not want to be in. If the person who performs the encryption also possesses the cryptographic keys for it, the cloud provider can decrypt the data at any time. This is problematic if the data is handed over to US authorities, in the case of the law requiring doing so, according to the CLOUD Act.
Fundamental Security Functions Are Missing
The sole fact that a connection is protected by SSL does not constitute a level of security that is required by most companies. URLs can be manipulated and thus can become a tool for cyber criminals who want to carry out phishing attacks or infiltrate ransomware. To properly protect company data, most cloud providers lack two basic security features:
- The blocking of an account after a certain number of failed login attempts.
- The obligation to use a secure password.
Lack of Transparency Regarding Data Deletion
Another aspect that makes many companies cautious is data recovery. By using versioning and keeping backup copies of data in the cloud, users can restore previously saved versions of files or entire folders. This is especially useful when recovering data after a ransomware attack.
Learn more about how the cloud can support BCM in the event of a ransomware attack in our featured article Ransomware - How a Secure Cloud Strategy Can Help
While this solution may make perfect sense in some situations, it also leads to the legitimate question of whether data can ever be truly and completely deleted from the cloud. After all, the secure deletion of data is also an important process in every company and should be ensured in every IT system.
A recent study conducted by Netwrix made headlines with the buzzword Declouding. It concluded that 46% of companies who store personal data in a cloud are considering withdrawing from the cloud for security reasons.
Encrypted Backups for the Secure Integration of the Cloud Into the Corporate IT Infrastructure
With growing importance of data for business processes, the significance of data backups is also increasing. In a crisis, data backups can make the difference between the weal and woe of a company and are therefore an essential factor in business continuity management. The cloud is the cheapest, quickest, and most flexible way of backing up and restoring data, in case of an incident. It carries some serious threats for data integrity, though.
The solution is secure end-to-end encryption that is independent of the provider who offers the location where the files are stored (i.e., the cloud). Companies gain the ability to store data and secure it in the cloud by using independent encryption software.
The advantages in summary:
- The cloud ensures continuous availability of data and automatic backups.
- Encryption ensures maximum data sovereignty.
Boxcryptor offers just that - a user-friendly encryption solution for data stored in the cloud. The software integrates seamlessly into the workflow of all employees. It can be integrated with all common cloud providers and runs on smartphones as well as on Apple and Windows operating systems. Boxcryptor also offers an integration for Microsoft Teams that allows encrypted sending of files and chat messages within the application.