“CBaaS” just rolls off the tongue, doesn’t it?
However you abbreviate it, your organization almost certainly has a pressing need for cloud backup as a service — whether you know it or not. And that need is almost certain to increase as the world grows more interconnected and the global digital threat landscape darkens.
If you’ve yet to devote significant attention or resources to a scalable cloudMSP backup solution, or even consider why your organization needs this essential investment in its future, you’ve come to the right place. In the following sections, we’ll take a deep dive into 12 common use cases for cloud backup as a service, along with some pointers to get your feet under you in the often-confusing world of digital security.
1. Natural Disaster Recovery
Nowhere on the face of the earth is completely safe from natural disasters. As this Red Cross map of common natural disasters by U.S.region shows, risk follows wherever you go.
For people paid to think about data security for a living, and those paid to manage them, the price mix of natural disaster risk doesn’t much matter. Fires, floods, tornadoes, hurricanes, earthquakes — all are destructive in their own way.
More to the point, all are disruptive in their own way. And if you’re housing physical servers and storage media under just one roof, a natural disaster is a sure recipe for disruption.
That’s where cloud backup as a service comes in. Sure, the “cloud” is just a dispersed network of physical data centers, transmission infrastructure, and endpoints. But, also: the “cloud” is a dispersed network of physical data centers, transmission infrastructure, and endpoints. By its very nature, geographically diverse cloud backup as a service solution protects against the near-certainty that, given enough time, your centralized data hub will sustain a hit from Mother Nature.
2. Manmade Disaster Recovery
For every outburst from Mother Nature, there’s a manmade disaster lurking around the corner.
This isn’t actually true, but it sure feels like the case sometimes. And it might as well be the reality for data security professionals whose jobs consist largely of putting out one natural or human-caused fire (or flood, or kinetic attack, or — you get the picture) after the other.
If your primary place of business is knocked out of commission by an intentional or unintentional manmade disaster — say, a brownout due to aging electrical infrastructure or civil unrest in the neighborhood — you need to be able to turn up your operation from a remote location while ensuring that absolutely no data is lost or compromised along the way.
Whether it takes a few hours or a few weeks to bring your central hub back up to speed, you can rest easy in the knowledge that you’ve got backup.
Ransomware is an increasingly troublesome form of malware that’s worth calling out with special urgency. The precise contours of ransomware attacks may vary by incident, but the process generally unfolds as follows:
- The victim clicks on a malicious link or downloads a malicious attachment containing the ransomware
- The program goes to work, locking the victim out of his or her machine
- In non-localized attacks that spread between multiple endpoints, this process repeats ad infinitum
- The program demands “ransom” payments from victims, usually the equivalent of a few hundred U.S. dollars in cryptocurrency
- The infected machines — and the data they contain — remain locked unless and until ransom is paid
- If victims fail to pay, affected data not backed up to the cloud or physical storage devices is effectively lost forever
It doesn’t take a data security expert to see why remote, cloud-based backup is an essential tool for combating ransomware. And it doesn’t hurt that your cloud backup as a service solution’s built-in ransomware defense is likely to pay for itself after a single non-localized incident.
4. Non-ransomware Malware Attacks
Ransomware isn’t the only malware threat your company is likely to face in the months and years ahead. The digital threat landscape is rife with a slew of nasty malware threats. Even if it’s not your job to personally assess and mitigate digital threats, you can’t ignore what’s coming. At minimum, you need to understand the key differences between:
- Viruses, the most famous type of malware (though, notably, not the oldest)
- Worms, which wreak havoc on organizations and their clients by self-replicating via email
- Trojans, which conceal their true identity behind apparently legitimate facades (fake anti-malware programs are common vectors, ironically)
- Stealth programs, which manipulate operating system code to outfox anti-malware programs
- Fileless attacks, which have no discernable vectors and are thus particularly difficult to anticipate
- Spyware, which discreetly monitors end-users via screen capture and keystroke logging — a major threat for IP-dependent businesses operating in sensitive industries
You also need to understand how each type of malware could impact your organization’s day-to-day operations. And, perhaps most importantly of all, you need to be keenly aware of the unique risks of data loss associated with each type.
Of course, knowledge in the absence of action isn’t worth much at all. You know what you need to do: invest in a cloud backup as a service solution that mitigates the downside risk of localized malware attacks.
5. Human-caused Data Loss (Human Error)
Believe it or not, human-caused data loss — human error — is the leading cause of data loss. That’s according to a report by the International Association of Privacy Professionals.
It’s actually not close. Radar metadata, per the IAPP, indicates that some 92.5% of all data loss incidents and 84.7% of data breach incidents may be classified as “unintentional or inadvertent,” as opposed to “intentional, not malicious” and “intentional, malicious.” In other words, you’re far more likely to lose data — and, with it, your organization’s reputation for sound data management — due to an inattentive employee’s screw-up than a sophisticated cyber attack.
Cloud backup as a service removes the suspense from human activity. Your people might still mess up, but their ability to cause real damage to your organization is limited. Whether you still want them around is another story — thankfully, one you won’t have to make while fielding calls from your crisis communications team.
6. General Database Backup
Newsflash: you don’t have to have a good reason to back up your organization’s databases.
The mere fact that you’ve invested in cloud backup as a service should tell your clients and vendors that you’re serious about safeguarding their most sensitive secrets, even in the absence of legal or logistical compulsion to do so. Don’t be shy about touting your database backup practices; you may well be surprised when your competitors prove unwilling to go toe-to-toe with you on this point.
7. Obsolete Storage Phaseouts
You’re still using tape rolls to store mission-critical data, aren’t you?
There’s no shame in relying on obsolete storage media to house sensitive information, particularly if doing so was previously the only way to safeguard it from the ever-pervasive insider threat.
It’s worth noting that the U.S. nuclear arsenal runs on archaic eight-inch floppy disks, which have been functionally obsolete since the late 1970s. According to a CNN report from 2016, the U.S. government spends something like $60 billion annually to maintain outdated technologies, including obsolete storage media.
In the specific case of the nuclear arsenal, maintaining information that could quite literally end civilization as we know it on essentially un-hackable devices actually makes some sense. Fortunately, you don’t have to devote the GDP of a small country to maintaining out-of-date storage systems when you can turn to a secure cloud-based backup system. So: ditch those floppy disks or tape rolls or CD-ROMs and join the 21st century!
8. Geopolitical Risk
Speaking of geopolitical risk: we’re all doomed in the event of actual nuclear war, but what about not-quite-existential threats that nevertheless portend serious business disruption (or outright failure)?
Unfortunately, such threats are par for the course in an interconnected world. If you do business in multiple countries, or have designs on the same, you need to think seriously about how to insulate your organization from inherent geopolitical risk. Simply avoiding “problem” markets is rarely an option; said markets are often either too big to ignore or too closely tied to other markets in which you may already do business.
The good news: a geographically diversified cloud backup as a service solution gives you the edge you need to mitigate geopolitical risk, including data theft and harassment by state and non-state actors operating across international lines.
9. Global Resiliency
“Only the resilient survive” is as good a mantra as any. After all, the risks of doing business internationally aren’t solely tied to geopolitics. Natural and manmade disasters usually aren’t political in nature; your risk of enduring both increases as you expand your geographical footprint.
Economic risk is another unavoidable aspect of international business. National economies might be more intertwined than ever, but that doesn’t mean currencies and GDP figures move in lockstep across oceans and mountain ranges. Your organization needs a multi-polar risk posture capable of adjusting to multiple fact sets at once. This, in turn, begins with a uniform backstop that lets you focus on making your threat mitigation efforts as nimble as possible.
10. Sector-specific Compliance Requirements
If you operate in a heavily regulated sector, such as finance or healthcare, you’re no stranger to onerous compliance requirements. Even in less regulated spheres, local or national regulatory bodies may require you to retain far more data than you’d like.
Such compliance requirements aren’t optional, of course — not without radically changing your business model, strategy, or both. Given the rate at which sector-specific compliance requirements change, and the endless variation across jurisdictional lines, it’s clear that “more is more” here.
11. Archiving and Records Retention
Your organization is likely subject to general-purpose archiving and records retention requirements, as well.
A common example, these days: if you do business in the European Union — or if your public-facing web assets are accessible to E.U.-based users — you’re almost certainly required to maintain a GDPR-compliant data protection policy.
In spirit, the GDPR is all about preserving consumer anonymity. In practice, it requires compliant organizations to store tremendous amounts of carefully siloed data and metadata, including activity records that might not previously have been preserved. Without a data retention solution capable of scaling to address current and future archiving requirements, you risk non-compliance, with all the consequences that entails.
12. Partner Audits
Smaller organizations have every incentive to pursue relationships with deep-pocketed clients. Operating as a vendor for a Fortune 500 company opens doors and drives growth; what stakeholder in his or her right mind wouldn’t want to accumulate such contracts left and right?
Unfortunately, blue-chip enterprises know full well the security risks that some small-scale vendors bring to the table. Some of the biggest corporate data breaches in history are traceable to vendors with poor data security practices; Target’s infamous 2013 breach came about because a regional HVAC vendor failed to properly safeguard its network. Should you land a similarly high-profile contract, the last thing you want is to wind up making headlines for the wrong reasons.
If and when prospective partners audit your organization for compliance with their own data security and risk mitigation protocols, you’ll want to be able to show that you’ve got the backup piece locked down — whatever the state of the rest of your security posture.
What’s Your Cloud Backup as a Service Use Case?
Are you nodding along yet? Identifying with the dizzying variety of risks and opportunities in an increasingly interconnected global economy?
Look, you and your fellow decision-makers are positioned better than anyone to determine your organization’s precise cloud backup needs. Unique organizations have unique needs; even peer companies that compete closely may find themselves turning up very different backup postures.
What’s indisputable is that your organization has at least some need for cloud backup as a service. You’ve surely identified one or two of the use cases on this list; if you’re being honest, you’ve probably countenanced most.
All that’s left for you to do is choose the cloud backup as a service solution that best fits your organization’s current and projected future needs — and then look ahead to scaling it as you reap the fruits of your labor.