8 Steps to Simplify Business Cloud Backup

Backing up your data no longer has to be the nightmare it once was. Cloud backup services have made backup a much simpler process, which easily replaces the arcane tape backup solutions that were once the only game in town. Cloud backup is cheaper, more straightforward, and safer than most on-premises solutions.

In the cloud model, all your IT manager needs to do is make sure is that (a) all your target devices, whether disk, PC, phone, or server are supported; and that (b) those targets all have an internet connection. After that, you'll do scheduling and testing from a central console, and each device can download the required client software over the web. You can even automate that task in several different ways. So why is backup still so often overlooked by small to midsized businesses (SMBs)?

Because even with the cloud's new simplicity, being effectively backed up usually requires more than just signing up with a single provider. The backup needs to match every organization's particular needs closely. That means planning and implementation are complicated, so most business managers avoid it.

That's a problem, because adequate data backups have more uses now than ever. Disasters aren't just natural, like a storm that wrecks your office; they can also be a disgruntled employee hitting the "Delete" key when they shouldn't, or having your business infected by one of several kinds of nasty malware. In all these cases, having previous versions of your corporate, customer, and employee data can mean the difference between a minor delay and a major meltdown.

Additionally, backing up your data lets you get up and running after your endpoint protection software determines there's been a breach. And certain malware even requires an excellent backup to defeat. Ransomware is the best example. This type of malware holds your data hostage, usually by encrypting it and then asking for a large wad of cash in exchange for the key you'll need to decrypt it. Sometimes ransomware affects the device that it initially infected, but increasingly it's become smart enough to spread across your network and hold your whole organization's data prisoner.

Having a current backup of everything located off-site with adequate security can help make defeating ransomware easier. Several data backup vendors are putting new features in their software specifically to address ransomware threats. With a combination of security software and regular backups, you'll be able to spot hazards as they occur, expel them from your network, and then revert your network to its most recent and secure state.

To help you get your arms around building an effective backup and data safety plan, we've listed eight steps below that'll make this process more accessible, no matter how big your organization is.

1. Automate Your Backups

You don't want to manually back up your data every time there's a concern. Instead, you should be proactive and set automatic backups to happen on a constant and recurring basis. This way, no matter when a disaster occurs, you know there's a backup sitting there waiting for you. Conversely, manually backing up data means you're relying on your diligence or the diligence of an employee (someone who may get sick or leave the company). If a day, week, or month's worth of backups is missed, you can be in serious trouble if a disaster strikes.

Several companies, including data backup software vendors and operating system builders (like Microsoft with Windows), are now shipping intelligent backup capabilities. These not only keep backups frequent, but they also manage the target device's bandwidth usage intelligently, so your backup streams don't clog your network. These measures have become so sophisticated that many businesses can implement near-continuous backup streams, so your backups are almost available in real time. That can be important not only for disaster recovery but also for staying in compliance with regulatory requirements, like those imposed by HIPAA or SOX.

2. Look for Integrations

While you can build an effective backup strategy using a single cloud vendor, you're even safer if you distribute your backup load across two or even three vendors. When conducting this search, be sure you're picking vendors that integrate with their competitors and with all the applications and cloud services you're using to conduct business. This way, if you need to migrate bits and pieces of your data from Vendor X and bits and pieces from an app from Vendor Y, then you'll be able to slide the information into Vendor Z's platform without having to write new code.

An example here might be the difference between an all-in-one backup solution from a vendor like Acronis Cyber Protect versus a combination-style solution. Such solutions use backup software from one vendor that then stores your data in that vendor's cloud space and another public cloud, like the S3 virtual storage buckets you can get from Amazon Web Services (AWS). In this scenario, you want to ensure that your third-party backup vendor integrates with AWS and that the data you're storing in Acronis can either access the information on AWS or use it as an alternate target.

Integrations worth examining include any service app that stores data valuable to your business on the cloud services side. That includes not just productivity software, like Google Workspace, but also more reliable operations apps, such as Quicken Deluxe or Salesforce. To grab data stored in such silos, your backup provider must provide a dedicated connector, so make sure those are available for the apps you need.

3. Create Multiple Copies in Multiple Regions

It's vital to create copies of your data in multiple regions, primarily if you operate across more than one locale. For example, if your New York-based company has offices in the United Kingdom and Spain, you should probably have multiple copies of your data stored in New York, the UK, and Spain. This practice can safeguard against location-based disasters and also file-level problems. If New York and Spain can't access your company data, the UK will still have access and share it with the other locations.

Areas of caution include redundancy and compliance. You need to ensure that any redundant data copies are entirely separate, which is challenging to do if you're only using one vendor. A single vendor might store your data twice in the same data center, which wouldn't do you much good if that data center went down. You also want vendors who store data in different regions and which understand how to make sure you comply with the laws of each region before you find out the hard way.

For small businesses, the same logic applies. Although you might only have one location, you can still save multiple versions of your backups, and you can still diversify where and how the data is saved. Most data backup apps have settings that let you automate backups to multiple locations, so it's often just a matter of point-and-click. And if you don't want to save your data to yet another cloud service, you can still get much the same effect by saving an extra copy to a local, on-premises resource, like a network-attached storage (NAS) device.

4. Check Out the Public Cloud

Most backup vendors will push or even require you to store your primary backups in their clouds. However, many don't have their own clouds; instead, they lease them from larger public cloud vendors, like AWS or the Google Cloud Platform. That's an important consideration, because you'll want to know where those leased data centers are. You'll also want to know which clouds your backup vendor is using if you're going to use the same public cloud provider to store a redundant backup copy. Again, if you wind up keeping redundant copies in the same physical place, they're not as effective or even entirely useless in the event of a disaster.

Talk to your backup provider about how you can go about using its service to store backups in other clouds. Sometimes this is easy; for example, if the backup service already has a connector for the target cloud. If not, you may have to roll your own, but for that, the backup vendor will need to have an application programming interface (API) available. You might even consider foregoing a dedicated backup vendor and checking out the backup capabilities offered by many of the larger public cloud vendors.

With public cloud infrastructure, all you need to worry about is managing the dashboards that vendors like Microsoft and Amazon provide. They'll deal with the local administration, hardware problems, and data recovery issues your IT staff would have to manage if an issue were to occur on-premises. If you choose to go with a hybrid or private cloud, you'll end up managing your dashboard and specific aspects of the cloud and local infrastructure. This is going to be more complex than purchasing a dedicated backup service subscription, so sit down with your IT staff and make sure it's the right way to go.

5. Engage Services That Focus on Data Safety

The cloud has become a fantastic aid to companies looking to quickly and easily implement a reliable backup strategy. Prices are low, open standards have replaced proprietary technology, on-site hardware requirements are low or even nonexistent, and you can access or even fully restore your data from practically anywhere. But there's one weakness that cloud backup services have that even a venerable old tape drive doesn't suffer from: They're in the cloud.

The cloud's primary data safety weakness is similar to putting your money in a bank instead of burying it in the backyard. To find it that buried loot, bad guys need to know you've got it, that you planted it, and where. The bank is a far easier target because the black hats know there's money in there; all they need to do is get to it. It's the same for backup services. Hackers know there's a wide variety of potentially valuable data on a backup vendor's servers. Fortunately for banks, they have alarms, big steel safes, and other security measures to keep your money much safer than a couple of feet of dirt behind your house. Make sure your online backup service does, too.

For backup services, that includes a service level agreement (SLA) that details what security measures the vendors uses and how they're enforced. The key features you're looking for include encryption, encryption, and, just for variety's sake, a little more encryption.

There are two stages when data needs to be encrypted: when it's at rest and when it's in transit. Data at rest refers to the data that's been backed up up and is now sitting on the service's cloud servers, waiting for you to restore it. It needs to be encrypted, preferably in such a way that even the backup vendor's IT pros managing the service can't read it. But that's just the start.

You also want to your data encrypted while it's in transit. That means whenever you do a backup and those agents you've installed on all your endpoints start sending data to the cloud, that data needs to be encrypted for the entirety of the journey, usually via Secure Sockets Layer (SSL). Some services, even today, skip this step because it's easier on their back-ends to simply transmit data without encryption. Make sure you're not signed on with one of those.

Finally, encrypt data on your endpoints while it's on-premises, too, not just when it's backed up to the cloud. Whether those endpoints are using Windows or macOS, encryption is now a built-in option, so make use of it. Test it with your backup service so you know the data can go from hard disk to cloud and back to hard disk and still be fully usable by your employees. In the worst case, your data will get encrypted twice, once on the users' hard disks and once with the backup service, but that can only keep it safer and shouldn't impact backup or restore times adversely.

6. Don't Ignore Other Data Security Measures

Encrypting your data is merely a starting point for data safety. It might seem strange to worry about data security so much as part of the backup, since backups are a big part of that equation. Still, in the cloud service model, we're talking about storing your company's most valuable information on someone else's infrastructure. So you need to know what's happening to that data after you've backed it up.

That means you want to make sure that whatever vendor you're using, either for software or storage, understands and is fully compliant with any regulatory requirements that affect your business. HIPAA and GDPR are two prominent examples, but there are dozens more depending on your industry. Sit down with your legal staff, list your requirements, and then query potential backup vendors and find out how they address these asks before purchasing. Amazon is an example of excellence here, with a site devoted to nothing but detailing all its compliance capabilities.

Finally, you also want to confirm your vendor's data privacy capabilities for those storing data on public infrastructure. In public infrastructures, data from multiple customers is stored on the same hardware in "multi-tenant" architectures. That means your data is squashed in with terabytes of data from other customers, but to you it seems as though everything is dedicated to your company. That's as it should be, but make sure the vendor supports data privacy features, meaning strong access controls and the ability for you, the customer, to control where data is stored in its data centers and (very important) exactly who has access to it.

7. Check Out Analytics and Collaboration

Although backup and recovery were once processes used to rectify data loss after a disaster, today's software lets these systems provide more complex and proactive services. For example, if your company is asked to provide data to legal authorities, you can use data backup and business analytics tools to pinpoint the needed data. Then you can present the information while your company is up and running, rather than shutting down your entire business and handing over your physical servers, laptops, and smartphones while an investigation occurs.

Another feature that's fast becoming popular due to the pandemic is a cloud backup service's collaboration features. These revolve primarily around file-access collaboration. Unlike a tape drive where you could generally only perform a full restore of the entirety of what was stored on that tape, a cloud service provider can give you access not just to individual files, but also to snapshots of that file over time.

So, for example, if your sales staff has been working on an important pitch document for several weeks, that document has likely been backed up up several times. Some vendors will keep all the versions of that document, not just the most recent one. So if something got dropped from an early version and suddenly your VP of Sales decides she wants it, she can simply log into the backup service, navigate to the appropriate folder, and choose from multiple file versions. That kind of file sharing is a quick-and-dirty collaboration strategy, but one that's quickly becoming important for companies whose workers have suddenly left the office and are now working from dozens of home locations.

When checking out these capabilities, see how far the vendor goes. A basic backup vendor will likely only offer file-level access and versioning. But a more sophisticated storage and file sharing vendor, like Dropbox Business, will have more to offer, like document conversion and inline editing across multiple users.

8. Give It a Whirl

Finally, make sure to test your backups regularly. Set-and-forget is a trap into which many SMBs fall when it comes to backup. Most backup apps are almost entirely automated, so it's easy to forget they're working, especially when most of that work is probably happening after hours. However, it's essential to take 30 minutes now and then and make sure that (a) the data you need to have backed up is being saved; and (b), just as important, that you can recover that data within the time frame you're expecting.

Just because your backup logs indicate a backup was performed on X date at Y time, doesn't necessarily mean everything is fine. Transmission to the cloud might have been spotty or broken, or perhaps the files you saved somehow became corrupted. That's not something you want to discover the day you need to access your backup files. So, take a few minutes and restore a few files from your most recent backup now and then so you know for sure everything's working.

Most hardcore IT professionals will counsel a monthly or even weekly test of the backup process, but that's coming from folks who work in IT. If you have an IT staffer in your company, then, by all means, testing monthly is probably your best balance between data safety and IT workload overkill. Even if you're a small business owner without IT staff on board, however, once a quarter should be your minimum testing schedule.

What Is Two-Factor Authentication?