March 18, 2020

Data protection in the cloud: Priorities in today’s digital economy

By Jasmit Sagoo

What businesses want from the cloud is changing. Pure cloud adopters fear vendor lock-in and are increasingly seeking to spread risk by embracing multiple cloud providers.

In fact, our own research found that more than half (58%) of companies that currently use one cloud provider plan to expand their portfolio across multiple cloud platforms. Multi-cloud is more than just a buzzword within the IT industry: a vendor-agnostic approach can help to minimise costs and give organisations the freedom to deliver the best and most responsive customer experiences.

Meanwhile, those running a hybrid cloud model have the option of operating their most critical workloads on-premises and using cloud platforms for data that feeds customer-facing applications.

To hedge their bets, some companies choose to implement a hybrid and multi-cloud approach, an approach which is growing in popularity. Organisations are increasingly using on-premises sites as well as a multitude of cloud environments to ensure they have the best service outcomes whatever the circumstances.

Trouble in paradise: Data protection and the cloud

As they continue their migration to the cloud, organisations have come to realise that different workloads are better suited to certain IT environments. When used strategically, these environments deliver a combination of greater speed, flexibility, agility, security and savings.

A multi-cloud strategy has all the agility and scalability of the cloud without depending on a single provider. It gives businesses the ability to move workloads to other clouds in the event of a disaster. A hybrid approach, meanwhile, allows an organisation to reduce unexpected cloud costs and customise certain applications further than what’s possible in the cloud.

However, if organisations aren’t careful this greater flexibility comes at a price. Hybrid and multi-cloud environments can become extremely complex: an application may have its tiers residing on multiple different clouds or physical data centres. This complexity only increases with the number of environments and applications businesses have. A highly complex and fragmented data environment is difficult to monitor and control, providing many points for failure and intrusion.

Businesses risk fragmenting their data management strategies and toolsets if they don’t utilise solutions that can operate in hybrid environments, resulting in numerous overlapping and contradictory policies. Without a unified approach to data management and protection, businesses may find inconsistencies in not only the tools they use but also in their data retention policies, encryptions of data and most importantly, recovery of their data in critical situations.

Many cloud service providers (CSPs) offer data protection services in a bid to become more competitive and to capitalise on growing awareness around data protection. However, coverage differs drastically between providers when what organisations need is consistent, reliable and comprehensive protection across all environments. In short, companies can’t rely solely on their CSP to keep their data safe.

It’s worth remembering that data protection regulations like GDPR place responsibility for data loss on the organisation, not its cloud provider. Those that fall foul of the regulator face the prospect of considerable fines, reputational damage and the risk of shrinking market share. The only solution is for companies to take responsibility for their own data protection. A critical part of this is having a strong, well-defined data backup plan in place.

Preventing data downtime

A multi-cloud strategy can help spread the risk when it comes to downtime – if an application environment goes offline, it can be switched or failed over to run in another environment. The challenge always occurs should multiple complex applications go offline. How would businesses recover their mission-critical services within the agreed SLA?

Organisations need to plan on implementing both application and data availability but also application and data resiliency. The nirvana would be to have it completely automated.

Organisations must also contend with ransomware. Once malware infects their system, it spreads like a virus. Ransomware can surge across a company’s network, knocking out any onsite data centres one minute and blocking access to their private cloud the next. If a ransomware attack can’t be contained, it rarely matters how many different environments you run.

A multi-cloud approach may be more flexible and efficient than relying on a single cloud, but its many moving parts can make security and governance difficult. To resolve this, organisations need a backup plan. Backing up the most crucial data and services ensures that any business interruption, whether it’s caused by a server outage or ransomware attack, won’t stop a business in its tracks or incur massive costs while they wait for systems to come back online.

The first step in delivering a strong backup plan is visibility. Organisations cannot protect what they cannot see. When data is visible it is easier to protect under a single, consistent set of policies, so investment in tools that link together disparate data environments and the infrastructure that supports it is vital for success.

The next consideration must be around simplification. Designing and implementing a data backup plan for every environment is time-consuming, counter-productive and inefficient. Every time a company’s policies change, they’ll have to be implemented individually for each environment at considerable cost. Businesses should seek a platform that can simplify and automate this process, rolling out consistent policies across their entire application and data estate.

When it comes to data, organisations cannot afford to take any risks. It needs to be managed and protected against loss and malware. The need for consistent and superior governance, protection and resilience across all environments at all times is essential. Something made even more challenging given today’s highly complex, hybrid and multi-cloud environments.

However, adopting a unified data services platform that ensures businesses have full visibility into what data they have, where it’s located, whether it’s being protected, as well as how valuable or risky it is, helps maintain critical business services, regulatory compliance and improved customer experiences.

It can help keep data and applications highly available and always protected, with insights that can create operational efficiencies and new opportunities, delivering real peace of mind. In today’s digital age, being prepared for worst-case scenarios and having full confidence that your most valuable digital assets won’t be compromised, is priceless.

Read more: Managing the double-edged sword of the cloud: Security vs productivity

Verdict deals analysis methodology

This analysis considers only announced and completed deals from the GlobalData financial deals database and excludes all terminated and rumoured deals. Country and industry are defined according to the headquarters and dominant industry of the target firm. The term ‘acquisition’ refers to both completed deals and those in the bidding stage.

GlobalData tracks real-time data concerning all merger and acquisition, private equity/venture capital and asset transaction activity around the world from thousands of company websites and other reliable sources.

More in-depth reports and analysis on all reported deals are available for subscribers to GlobalData’s deals database.

Topics in this article: