What are the three valid options for protecting data as it moves to and within the cloud

What is the cloud?

Cloud computing is a general term that refers to hosted services that are delivered over the internet. Different from traditional web hosting, the services on the cloud are sold on demand, are offered in an elastic manner -- meaning the customer can use as much or as little of the service as needed -- and are managed completely by the service provider. Additionally, a cloud can be private or public. A public cloud sells services to anyone on the internet, such as how Amazon Web Services (AWS) operates, while a private cloud supplies hosted services to a limited number of users.

In an organization's data center, a backup application copies data and stores it on different media or another storage system for easy access in the event of a recovery situation. While there are multiple options and approaches to off-site backup, cloud backup serves as the off-site facility for many organizations. In an enterprise, the company might own the off-site server if it hosts its own cloud service, but the chargeback method would be similar if the company uses a service provider to manage the cloud backup environment.

There are a variety of approaches to cloud backup, with available services that can easily fit into an organization's existing data protection process. Varieties of cloud backup include:

• Backing up directly to the public cloud. One way to store organizational workloads is by duplicating resources in the public cloud. This method entails writing data directly to cloud providers, such as AWS or Microsoft Azure. The organization uses its own backup software to create the data copy to send to the cloud storage service. The cloud storage service then provides the destination and safekeeping for the data, but it does not specifically provide a backup application. In this scenario, it is important that the backup software is capable of interfacing with the cloud's storage service. Additionally, with public cloud options, IT professionals may need to look into supplemental data protection procedures.
• Backing up to a service provider. In this scenario, an organization writes data to a cloud service provider that offers backup services in a managed data center. The backup software that the company uses to send its data to the service may be provided as part of the service, or the service may support specific commercially-available backup applications.
• Choosing a cloud-to-cloud (C2C) backup. These services are among the newest offerings in the cloud backup arena. They specialize in backing up data that already lives in the cloud, either as data created using a software as a service (SaaS) application or as data stored in a cloud backup service. As its name suggests, a cloud-to-cloud backup service copies data from one cloud to another cloud. The cloud-to-cloud backup service typically hosts the software that handles this process.
• Using online cloud backup systems. There are also hardware alternatives that facilitate backing up data to a cloud backup service. These appliances are all-in-one backup machines that include backup software and disk capacity along with the backup server. The appliances are about as close to plug-and-play as backup gets, and most of them also provide a seamless (or nearly so) link to one or more cloud backup services or cloud providers. The list of vendors that offer backup appliances that include cloud interfaces is long, with Quantum, Unitrends, Arcserve, Rubrik, Cohesity, Dell EMC, StorageCraft and Asigra active in this arena. These appliances typically retain the most recent backup locally, in addition to shipping it to the cloud backup provider, so that any required recoveries can be made from the local backup copy, saving time and transmission costs.

When an organization engages a cloud backup service, the first step is to complete a full backup of the data that needs to be protected. This initial backup can sometimes take days to finish uploading over a network as a result of the large volume of data that is being transferred. In a 3-2-1 backup strategy, where an organization has three copies of data on two different media, at least one copy of the backed up data should be sent to an off-site backup facility so that it is accessible even if on-site systems are unavailable.

Using a technique called cloud seeding, a cloud backup vendor sends a storage device -- such as a hard drive or tape cartridge -- to its new customer, which then backs up the data locally onto the device and returns it to the provider. This process removes the need to send the initial data over the network to the backup provider.

If the amount of data in the initial backup is substantial, the cloud backup service may provide a full storage array for the seeding process. These arrays are typically small network-attached storage (NAS) devices that can be shipped back and forth relatively easily. After the initial seeding, only changed data is backed up over the network.

How data is restored

Cloud backup services are typically built around a client software application that runs on a schedule determined by the purchased level of service and the customer's requirements. For example, if the customer has contracted for daily backups, the application collects, compresses, encrypts and transfers data to the cloud service provider's servers every 24 hours. To reduce the amount of bandwidth consumed and the time it takes to transfer files, the service provider might only provide incremental backups after the initial full backup.

Cloud backup services often include the software and hardware necessary to protect an organization's data, including applications for Exchange and SQL Server. Whether a customer uses its own backup application or the software the cloud backup service provides, the organization uses that same application to restore backed up data. Restorations could be on a file-by-file basis, by volume or a full restoration of the complete backup.

If the volume of data to be restored is very large, the cloud backup service may ship the data on a complete storage array that the customer can hook up to its servers to recover its data. This is, in effect, a reverse seeding process. Restoring a large amount of data over a network can take a long time.

A key feature of cloud backup restorations is that they can be done anywhere from nearly any kind of computer. For example, an organization could recover its data directly to a disaster recovery site in a different location if its data center is unavailable.

Types of backup

In addition to the various approaches to cloud backup, there are also multiple backup methods to consider. While cloud backup providers give customers the option to choose the backup method that best fits their needs and applications, it is important to understand the differences among the three main types.

1. Full backups copy the entire data set every time a backup is initiated. As a result, they provide the highest level of protection. However, most organizations cannot perform full backups frequently because they can be time-consuming and take up too much data storage capacity.
2. Incremental backups only back up the data that has been changed or updated since the last backup. This method saves time and storage space, but can make it more difficult to perform a complete restore. Incremental is a common form of cloud backup because it tends to use fewer resources.
3. Differential backups are similar to incremental backups because they only contain data that has been altered. However, differential backups back up data that has changed since the last full backup, rather than the last backup in general. This method solves the problem of difficult restores that can arise with incremental backups.

Pros and cons

Before choosing cloud backup as a backup strategy, it is important to weigh the potential pros and cons that are associated with using a third-party to store data. The advantages of cloud backup include:

• Generally, it is cheaper to back up data using a cloud backup service compared to building and maintaining an in-house backup operation. The associated cloud backup costs will rise as the volume of backup data rises, but the economies are likely to continue to make cloud backup an attractive choice. Some providers may offer free cloud backup, but the amount of backup capacity typically has a storage limit, which makes free backup appropriate for some home users and only the smallest of companies.
• The cloud is scalable, so even as a company's data grows, it can still be easily backed up to a cloud backup service. But organizations need to be wary of escalating costs as data volume grows. By weeding out dormant data and sending it to an archive, a company can better manage the amount of data it backs up to the cloud.
• Managing cloud backups is simpler because service providers take care of many of the management tasks that are required with other forms of backup.
• Backups are generally more secure against ransomware attacks because they are performed outside of the office network. Backup data is typically encrypted before it is transmitted from the customer's site to the cloud backup service, and usually remains encrypted on the service's storage systems.
• Cloud backups help lower the risk of common data backup failures caused by improper storage, physical media damage or accidental overwrites.
• A cloud backup service can help to consolidate a company's backup data because the service can back up main data center storage systems, remote office servers and storage devices, and end-user devices such as laptops and tablets.
• Backed up data is accessible from anywhere.

Despite its many benefits, there are some disadvantages and challenges to using a cloud backup service, including:

• The backup speed depends on bandwidth and latency. For example, when many organizations are using the internet connection, the backup could be slower. This could be bothersome when backing data up, but could be an even greater issue when it is necessary to recover data from the service.
• Costs can escalate when backing up large amounts of data to the cloud.
• As with any use of cloud storage, data is moved outside of an organization's buildings and equipment and into the control of an outside provider. Therefore, it is incumbent to learn as much as possible about the cloud backup provider's equipment, physical security procedures, data protection process and fiscal viability. 

Best practices

While strategies, technologies and providers widely vary, there are several agreed upon best practices when it comes to implementing cloud backup in the enterprise. In general, a few guidelines are:

• Understand all aspects of the cloud backup provider service-level agreement (SLA), such as how data is backed up and protected, where vendor offices are located and how costs accumulate over time.
• Do not rely on any one method or data storage medium for backup.
• Test backup strategies and data recovery checklists to ensure they are sufficient in the case of a disaster.
• Have administrators routinely monitor cloud backups to make sure processes are successful and uncorrupted.
• Choose a data restore destination that is easily accessible and does not overwrite existing data.
• Make decisions about specific data or files to back up based on the criticality of the information to business operations.
• Use metadata properly to enable the quick location and restoration of specific files.
• Consider using private encryption for data that must stay confidential.

Special considerations 

When choosing a cloud backup service provider, there are a few additional considerations to weigh. Some companies have special needs related to data protection, but not all cloud backup providers are able to meet those needs. For example, if a company must comply with a specific regulation such as HIPAA or GDPR, the cloud backup service needs to be certified as compliant with data handling procedures as defined by that regulation. While an outside firm provides the backup, the customer is still responsible for the data, and could face serious consequences -- including steep fines -- if the cloud backup provider does not maintain the data appropriately.

Data archiving is another special consideration when selecting a cloud backup service. Archiving is different from routine data backup. Archived data is data that is not currently needed but still needs to be retained. Ideally, that data should be removed from the daily backup stream because it is likely unchanged and it unnecessarily increases the volume of backup data transmissions. Some cloud backup providers offer archiving services to complement their backup products. Archive data is generally stored on equipment geared to longer retentions and infrequent access, such as tape or low-performing disk systems. That type of storage is generally less expensive than data storage used for active backups.

Cloud backup vs. cloud DR

Cloud backup and cloud disaster recovery are not the same, but they are connected. While cloud backup services can be tapped to recover data and resume operations after a disruptive event, it should be noted that they are not necessarily specifically oriented to provide all the advanced features and services that a true DRaaS offering would provide.

For example, to use the data that was saved to a cloud backup service to recover from a disaster, it would have to include much more than just data files, such as operating systems, application software, drivers and utilities. Users would have to set up their backup routines to include those elements specifically, such as by mirroring entire servers to the cloud backup service.

More importantly, a true DRaaS not only has the data and system and application software ready to be accessed, it also provides the necessary servers -- physical or virtual -- and storage resources to spin up the clients' servers and applications so that they continue to operate and carry on with their business.

An organization must consider if the disaster recovery provider has enough bandwidth and resources to handle the data transfer, and thus how long it will take to perform a recovery. Testing is important and often easier than with traditional disaster recovery, because many providers offer automated tests.

A cloud backup provider may also offer disaster recovery in the cloud. Cloud disaster recovery is particularly attractive for smaller businesses that do not have the funding or resources to support their own DR site. The cloud data center should be far enough away from the organization using it to ensure recovery from any disaster.

Cloud vs. local backup

When looking into data backup options, two main product categories are cloud backup and local backup. Local backup, also known as traditional backup, is the process of storing a copy of data on-site at the organization. In this approach, backup software is used to manage and copy the data to hardware such as tapes, disks or network-attached storage devices.

In the enterprise, cloud data backup services were initially used for noncritical data. Traditional backup was considered better for critical data that requires a short recovery time objective (RTO) because there are physical limits as to how much data can be moved in a given amount of time over a network. When a large amount of data needs to be recovered, it may need to be shipped on tape or some other portable storage media. However, with most cloud backup schemes -- whether controlled by a user's backup software, the cloud backup service app or a backup appliance -- the most recently backed up data is retained on site as well as spun off to the cloud service. This arrangement provides all the benefits of cloud backup while leaving a local copy of the data that can be used for quick recoveries.

Tape backup requires data to be copied from a primary storage device to a tape cartridge. Cartridges have grown dramatically in capacity in recent years. LTO-8 tapes, released in late 2019, can store 12 TB of uncompressed data and 30 TB compressed. Tape is a strong storage medium in an age of exponential data growth. In addition to their capacity benefits, tapes are comparatively inexpensive to own and operate. However, the restore process can be slow because access is sequential.

While the cloud appears to offer unlimited storage capacity, costs rise dramatically depending on how much an organization needs. Although access is not sequential like with tape, restore times still depend on the internet or private communications lines, and require an appropriate amount of bandwidth. Cloud service providers take some of the backup management work out of the process for organizations. The process of backing up to tape and maintaining the cartridges is essentially up to the organization. There is more flexibility in the process of restoring from cloud backup because an organization can restore to several different devices, including laptops and phones.

Cloud and tape both provide protection from cyberattacks, such as ransomware. Cloud backups are useful in the event of an attack because they are off-site. Tape backups are even more secure because they are offline.

Disk, while not as portable as tape, is another common medium for backup. The biggest benefit to a disk is access speed. Disks offer random access and often top cloud and tape for restore speed. Disk-based backups are typically performed continuously throughout the day, while tape backs up less regularly. A disk-based backup is self-contained, with less personnel interaction than with tape, making the risk of human error smaller. Disk-based backups can be expensive, often costlier than tape or cloud. The life span of disk is shorter than tape, and its durability is weaker than that of tape. As long as the service provider is still in business, the life span of a cloud backup could be longer than that of disk or tape.

NAS backup uses a type of appliance that connects to a network, rather than a desktop or server, to accomplish a local backup. These appliances allow multiple devices and users on the same network to store, access and share data wirelessly. Both NAS and cloud backup offer strong data protection, high security and efficient recovery times, but since NAS appliances are located on the same local area network (LAN) as the devices being backed up, NAS backups are quicker to perform than cloud backups. However, cloud backups can provide a lower initial cost and a higher reliability in the case of on-site disasters.

The following chart helps to illustrate when cloud data backups should be considered as a viable option.

With a proper retention policy, cloud backups can reduce or even replace the need for off-site tape data storage, so organizations are making the switch from disk-to-disk-to-tape (D2D2T) strategies to disk-to-disk-to-cloud (D2D2C).

Flexibility is another benefit of the cloud because no additional hardware is needed.

File sync and share

There is often confusion among the definitions of cloud backup, cloud storage and cloud sync, often referred to as file sync and share (FSS). There are similarities among the three, but they are different processes.

File sync and share services allow users to create folders online where they can store and access files stored on personal computers and servers. As the name implies, these services can automatically update files to their latest versions whether online or stored locally. They also make it easy for file sharing with colleagues or clients, and to work collaboratively. Cloud sync providers include Box, Dropbox, Google Drive and Microsoft OneDrive.

Some companies rely on file sync and share services to back up their data as well. While this approach might be acceptable for a small amount of data, it is not appropriate for large data volumes or a company's critical data as these services tend to lack the types of management and control features the cloud backup offers. Also, given their user-oriented approach to data handling, data may become vulnerable if mishandled by sync and share participants.

Cloud backup vs. cloud storage

Although they share similarities, they aren't the same thing. Cloud storage is a service model in which data is stored on remote systems. Data in cloud storage is available to users over a network, typically the internet. Benefits of cloud storage include global availability, ease of use and off-site security. Potential drawbacks range from performance issues depending on network connection to loss of complete control over the data to escalating costs over time.

There are three main types of cloud storage: public, private and hybrid. Public cloud data is stored in the service provider's data center. Customers pay based on several factors, including frequency and volume of data accessed. The top three public cloud storage providers are Amazon, Google and Microsoft. Private cloud storage is typically through in-house storage protected behind an organization's firewall. Private cloud users often need more customization and control over their data. A hybrid model is a mix of public and private cloud storage.

How cloud backup works

As cloud backup is a service that sends an extra copy of an organization's data over a network to an off-site server, the typical user shouldn't need to access that data on a regular basis. Cloud storage, though, is for more regular use.

Cloud storage itself should have backup. For example, an organization could back up data it has in AWS or Microsoft Azure with the provider's native backup or use a third-party tool.

Archiving is a good use case for cold cloud storage, but only to a point. The infrequently accessed tier of cloud storage provides a comparatively cheaper cost to store data that an organization must keep but doesn't need to regularly access. However, organizations should tread carefully here, because costs add up as volumes rise and the price to get data out is high.

Hybrid cloud backup

Hybrid cloud backup providers connect traditional backups to the cloud. This strategy is useful for organizations that produce a large volume of data and need quick restore access. With one approach, a NAS appliance serves as a local backup target and syncs backup data to the cloud. When an organization needs a quick restore, the data is available in the on-site NAS. If an organization loses its primary site, the cloud backup is still available, protecting against data loss. This method can also be referred to as D2D2C backup. In another hybrid approach, an organization uses both the public and private cloud for backup.

It is difficult to get data consistency with hybrid cloud backup, especially if the data transfer takes a long time. Point-in-time snapshots and continuous backups help, but costs rise as backup frequency increases.

Comparatively, in a pure cloud backup scenario, backups go directly to the service provider's cloud.

Cost

Third-party cloud backup initially gained popularity with SMBs and home users because of its convenience. Today, cloud backup services have become more sophisticated and can offer the same level of data protection, if not greater, as in-house data backup.

The technology has an initial upfront cost to implement, but its lower monthly or yearly payment plans appeal to many smaller operations. Capital expenditures for additional hardware are not required and backups can be run dark. However, the cost of keeping data in the cloud for years does add up. In addition, costs rise as the amount of data backed up to the cloud increases. A system of effective data grooming and archiving can help keep costs down.

In terms of return on investment, it is important for an organization to consider the long-term costs of backing up to the cloud. A five-year projection is recommended to properly estimate future expenses and to decide whether the cloud will help an organization break even after initial costs. After these costs are offset, ROI on cloud-based backups can be determined.

Pricing models vary by vendor, but it is important to look out for hidden costs in cloud backup services. While most products for backing up to the cloud are sold using a price-per-gigabyte-per-month payment model, providers can also use a sliding scale model, set usage minimums and add transaction costs.

Security

Security is an important element in the cloud backup process. The three main considerations are often referred to as the security CIA: confidentiality, integrity and availability.

Most data will move across the public internet on its way to the cloud, so for confidentiality, many cloud backup providers encrypt data throughout the process: at the original location, during transit and at rest in the provider's data center. A user or the provider holds the encryption key. Most organizations prefer to hold their encryption keys, and providers should offer this option. Types of network encryption include Secure Sockets Layer and Transport Layer Security protocols.

For integrity, users must determine if data is the same when it is read back or if it was corrupted. Object storage offers built-in integrity checks.

Availability takes the restoration process into account. It asks: Will data be available in a timely fashion in a disaster recovery situation?

Access control is also important. An organization tightens security by limiting access to cloud backups. Furthermore, write-once, read-only access protects backup data from being overwritten, altered or deleted.

Vendor options

Approaches to online backup services vary, so an organization should take a close look at SLAs, pricing plans and long-term costs before choosing a provider. Examples of cloud data backup vendor options include the following:

• Acronis offers Cyber Backup Cloud, a hybrid cloud backup-as-a-service product. Acronis Cyber Backup Cloud protects virtual, physical and cloud environments, and includes a pay-as-you-go business model.
• Arcserve expanded its Unified Data Protection (UDP) offering with its purchase of Zetta. The product includes Arcserve UDP Cloud Direct direct-to-cloud disaster recovery and backup. The cloud protection is targeted at the midmarket.
• Asigra is a cloud backup pioneer. Its Cloud Backup features embedded malware engines to prevent ransomware from getting into backups.
• Backblaze offers personal and business cloud backup, as well as cloud storage. Backblaze stores data on its open source Storage Pods hardware platform and cloud-based Backblaze Vault file system. Backup data through Backblaze is accessible through a web browser on mobile devices and computers. Restores are downloaded over SSLs.
• Carbonite sells to consumers, SMBs and enterprises. The company's offerings back up documents, email, music, photos and settings and are available for Windows and Mac users. In March 2018, Carbonite acquired rival Mozy from Dell EMC and incorporated its services into its offerings. In 2019, Carbonite bought cybersecurity vendor Webroot. Later in 2019, content management vendor OpenText acquired Carbonite.
• Druva cloud backup features three major offerings. The enterprise-level Druva inSync is targeted at endpoints and backs up data across physical and public cloud storage, while Phoenix is a software agent used to back up and restore data sets in the cloud for distributed physical and virtual servers. In addition, in 2018, Druva acquired CloudRanger for AWS data protection.
• IDrive cloud backup is geared toward consumers and small businesses and includes snapshots, a syncing service and hybrid data protection.
• Microsoft Azure Backup automatically sends backups to the Azure cloud. Azure Site Recovery automates replication to back up private Windows infrastructure.
• Unitrends allows customers to back up indefinitely to its private cloud with Forever Cloud. It offers several disaster recovery as a service (DRaaS) options for recovery.
• Veeam Software provides cloud backup through its Cloud Connect product. Service providers can partner with Veeam to create a backup and recovery target in the cloud.

This was last updated in August 2020

Continue Reading About What is cloud backup and how does it work?

• Explore why cloud backup is a good option for small businesses

• Cloud backup can help remote workforce

• Be careful with cost of cloud backup as data volume grows

• Handbook details cloud backup services and ransomware protection features

• How cloud storage providers stack up for backups