Data protection best practice more important than ever in cloud environment
More data than ever before is being generated and is in circulation. But amid the sudden move to remote work, many organisations may be losing control of enterprise data, and neglecting data backup and protection.
This is according to Johan Scheepers, country head for South Africa at Commvault, who was addressing a Commvault webinar presented in partnership with ITWeb today.
Scheepers noted that the world is now creating more data than ever before, but knows less about it than in years past.
“IDC predicts that 175 Zettabytes (ZB) of data will be generated annually by 2025, which exceeds forecasts made as recently as two years ago. But around 55% of this is ‘dark data’ we have no access to and don’t know about. At the same time, the COVID-19 pandemic has accelerated the move to remote work, the use of multi-cloud environments and Software-as-a-Service adoption, complicating data management.”
A poll of the webinar participants revealed that 67% of participants’ companies already had a multi-cloud strategy in place, and 57% said the situation was becoming more complicated for IT professionals to manage. This follows global trends, which show 84% of enterprises already have a multi-cloud strategy, 66% of IT executives believe the environment is more complex than it was two years ago, and 75% believe most enterprise data will be created and processed outside of traditional data centres by 2025.
Organisations need to sharpen their data security policies and use encryption as a minimum when putting sensitive data in cloud storage.Johan Scheepers
Scheepers said this new working environment, along with growing cyber risk, meant that data protection had to be stepped up.
“There are inherent risks and threats within the cloud. Organisations need to sharpen their data security policies and use encryption as a minimum when putting sensitive data in cloud storage. But they must also focus on the data lifecycle across the movement and retention of data; on compliance; and, importantly, on responsibilities relating to data in the cloud.
“With cloud service providers, there is usually a shared responsibility model for issues such as data loss, admin errors and loss of service. But data loss due to malicious users, ransomware and malware, deactivated accounts and deletion of long term data are usually the customer’s responsibility. So cloud native tools may not be enough,” he said.
“They do not always cover employees leaving the company, longer term retention, accessing data beyond the SaaS subscription, recovery at scale or granularity, recovery from corruption, malware or ransomware, or flexibility to extend recovery time and recovery point objectives.”
He noted that it was important to study the fine print around the burden of management and recovery of data in the cloud, as well as to assess risk and develop solid policies.
“Organisations need to apply traditional on-premise data protection best practice to data in the cloud too,” he said. “Remote working, SaaS and multi cloud policies should cover protection, availability, accessibility, recoverability, management, security and compliance. They need to move from reactive to proactive management and protection, because they are responsible for data on-premise and in the cloud, and anywhere else it resides.”