Business Continuity by Data Recovery – How the Cloud Helps Securing your Business Data
In 1906, San Francisco was shattered by a large earthquake and Amadeo Giannini, the founder of the Bank of America was the first to think about continuing business after such a catastrophic event. He rescued all funds from his bank, shortly after the earthquake occurred. He used the rescued funds to lend to customers a few days after the disaster, while other banks were unable to operate, due to their buildings being destroyed. Giannini’s plan to get all the funds out, almost immediately, proved to be a good continuity strategy.
Today, business continuity and disaster recovery strategies are an integral consideration in most companies around the globe – or at least they should be. And nowadays, the sustainability of a company’s data resources has reached a similar importance as the availability of funds to a bank after an earthquake at the beginning of the last century. Therefore, we want to provide you with a guide for setting up a business continuity strategy and disaster recovery plan for the data of your company.
What is Business Continuity Management?
Business Continuity Management (BCM) refers to a framework used for the identification of the exposure of a company to internal and external threats, a (theoretical) impact analysis in the event such a scenario materializes itself, and the initialization of responses to the possible scenarios constructed from those threats. BCM aims at providing a company with the ability to effectively respond to events that threaten the company’s ability to continue conducting their business. Such events can be of physical nature (e.g. an earthquake), or of digital nature (e.g. a data breach).
Adjoining a BCM is usually a disaster recovery plan, meaning a detailed set of procedures to reinitiate the necessary processes for the business to continue, in case of an emergency. BCM and disaster recovery are connected by BCM specifying possible threat scenarios and developing specific plans to respond to those threats. Those continuity plans are the disaster recovery measures. Hence, BCM and disaster recovery are two integral parts of one greater management discipline – the strategic planning of a company’s reaction to an event, threatening the company.
Why is Business Continuity Management Important?
As described in the example in the introduction, a plan to continue business after a threatening event can ensure the survival of a company, or even put a company in an advantageous position against its’ competition. Therefore, business continuity management is an important management discipline for every company, seeking to sustain its’ business ability.
And while business continuity management remains a vast area of research and best practices, I want to focus on the data aspect of business continuity. Meaning how do businesses ensure their data is being safe and remains accessible in case of a threat-scenario materializing itself.
Business Continuity in the Cloud
Traditionally, the considerations of business continuity regarding a company’s data and digital processes, did involve some sort of second site and duplicate hardware. The second site was usually equipped with core systems and applications. In addition, the data of a company was duplicated (sometimes in a less comprehensive amount) to an off-site data center or server room. This was also the attempted backup strategy of many medium to large sized companies – and still is to this date. Such a business continuity strategy for data is hardly feasible for small firms, due to the limitation in resources available.
The main challenge of a continuity plan with regard to data is the sheer amount of resources needed for building a (backup) data center, setting up and maintaining the networks and systems, and even more crucial, getting the data recovery points right. Some of the core processes of a business might require specific hardware, which could make hardware duplication necessary – Yet, the majority of services can be run on a standard hybrid cloud infrastructure. In modern information technology, cloud services are gaining in importance as a backup location in business continuity management, due to those services being mostly hardware-independent. This technology enables businesses to easily back up data, applications and in some cases even whole operating systems, to a remote location (cloud).
In combination with an increasingly faster download- and upload-time, the remoteness and hardware-independence of those services offers a more reliable and faster recovery time, in case any data should get lost. Additionally, the cloud adds another layer of security against data theft. If hardware is stolen, the data on a computer or external hard-drive is stolen as well – not if the data rests in the cloud.
Concerns Regarding Cloud Backups
Hearing about all these advantages of using the cloud as a backup-location, as a recovery plan, one might be quick in assuming all companies are planning to change their backup strategy to one that integrates the cloud into the business continuity planning. But in reality, many companies are very hesitant to do this. But why?
The reluctancy of companies to shift their data and digital processes to a cloud service has its’ viable reasons. There are several concerns that arise from a usability or bandwidth perspective, but I want to focus on the perceived (and actual) security issues.
Despite the cloud being an excellent way to back up data at decentralized locations and by that providing a company with more control over its’ data, the cloud faces skepticism for exactly this – there is a looming fear of losing control over the data, once it is uploaded to the cloud. And there is, in fact, a potential for the loss of control over data on several fronts.
The data stored at a cloud is usually encrypted by the provider. At rest and during transmission. So far so good – but this method of encryption puts the provider in a position, the company using this service cannot want. If a company relies solely on the encryption provided by the service provider, to protect their data at rest and in transit, the provider holds the keys to encrypt the data, stored on its’ servers, meaning the provider is able to decrypt the data at any point in time. The provider might use the data for their own purposes or hand them over to authorities, if the law would require doing so (e.g. the American CLOUD Act).
In addition, the sole fact that a connection is protected by SSL does not constitute a level of security that is required by most companies. URLs can be manipulated, making phishing attacks a serious threat to data. Furthermore, some providers do not lock out a user after a specific amount of failed login attempts or do not require a strong password to secure an account. The security concepts of the cloud providers are not strong enough for company data and there is another factor that concerns businesses. And as with most factors, there are two sides to the same coin. The cloud usually enables its’ users to restore previously saved versions of a file. And while this is particularly useful in business continuity considerations, some raise the very justifiable concern that data cannot be really taken offline, once it has been uploaded online, anymore.
A recent study by Netwrix concluded that 46% of businesses that store personal data in a cloud are considering retreating from the cloud, for safety reasons.
Encrypted Backups for Secure Cloud-Integration
Following the increase in importance of data for business tasks, there is a subsequent increase in importance of data backups for business continuity, in case of an incident threatening the businesses’ very existence. The cloud is the cheapest, quickest and most flexible way of backing up and restoring data, in case of an incident. It carries some serious threats for data integrity, though.
Secure end-to-end encryption, which has to be independent of the provider used for storing the data, is providing companies with the possibility to store active data, and back up all data in the cloud, while resting assured that the data cannot be accessed by any unauthorized third party – be it the cloud provider, a government, or a hacker.
Both, Boxcryptor Company and Boxcryptor Enterprise offer exactly that, an easy-to-use encryption solution for data stored in the cloud. Boxcryptor will be implemented seamlessly into the workflow of all employees. Boxcryptor Company and Boxcryptor Enterprise offer additional features to increase ease-of-use and security, as well as giving administrators or top-level executives full and complete control over all data stored in the cloud.
Start Protecting Your Company Data Today - 14-days Free Company Trial
With our free 14-day Company trial you can start immediately to secure your company's data in the cloud. Get to know all the exclusive features of Boxcryptor Company and Boxcryptor Enterprise. Secure your active data as well as your backups in the cloud with millitary grade encryption.