Keeping data safe in the remote working COVID-19 world

29/05/20

Keeping data safe in the remote working COVID-19 world

Now that firms have adapted to home working and IT has delivered the wave of change needed to support it, IT managers can turn their attention to some of the ‘health and hygiene’ factors that took a back seat while they were preoccupied responding to the lockdown. Backup is one such consideration.

What has changed and what are the risks?

From the ramp up in provisioning end user kit; allowing the use of personal laptops and other ‘BYOD’; to the rapid adoption or scale-up of collaboration technologies such as Teams, G Suite, Zoom and Slack; and the networking and security required to hook it all together safely, organisations have had to implement a range of steps to get all their workers online. Not only that but the ongoing needs of a wholly remote workforce have fundamentally impacted the support function for many businesses.

Looking at data, users would in an ideal world store all their files on network shares or in collaboration apps but as all IT managers know, it just isn’t that simple. The jump in reliance on devices outside the corporate network inevitably means more data at the edge which – quite apart from the increased security risk – translates into a greater chance of data loss. According to Acronis, 39 percent of personal users “rarely” or “never” back up their devices, and only 12 percent do so daily – compared to 41 percent of professional users.

Data in SaaS is a second issue. The default data retention provisions of the leading services vary widely and – as we found in our 2019 survey – a surprisingly high proportion of enterprises wrongly believe that it is kept far longer than is actually the case. Just one third claimed to know their cloud service providers’ backup and recovery processes in detail whilst almost half of Microsoft Office 365 users believed that email backups were being retained for longer than the standard 14 days.

For many firms, data that was once found only in the datacentre – where corporate retention policies could be enforced using traditional backup solutions – has been moving to the edge and into the cloud for a great deal longer than the current crisis. The COVID-19 lockdown has accelerated that process and brought the new backup challenge into greater focus.

What are the options?

Backing up company laptops and BYOD should now be considered. Of course rolling this out to BYOD is no easy feat – to begin with, you need a clear inventory of what’s out there. The next hurdle is a technology that can integrate with a potentially wide variety of end user devices. There are plenty of vendors specialising in this particular segment of the backup market which might be a good tactical option, but a further consideration is whether adding another technology to your infrastructure stack is the right strategic decision. In 2019, 61 percent of firms said they were already struggling with a complex backup environment, and 66 percent said that a lack of skills has made backup more difficult. An ideal approach would be a solution that covers all bases, but there are few capable technologies.

Turning to SaaS, some of the leading vendors offer an element of data retention by default, but there are significant variations between offerings and even between products in the same suite. A further issue is that some SaaS don’t prevent data from being permanently deleted regardless of the retention settings.

The first step is to get clarity on what the retentions ought to be, usually by reference to the policy for on-premise data. One approach for products that offer the required configuration options is to adapt each one accordingly, although there are a number of challenges here, notably that keeping control of corporate data retention settings across multiple offerings is a headache that’s only likely to get worse over time.

Preferably, a backup solution or service should be considered that integrates with all products – whether on prem, cloud or SaaS – enabling corporate standards to be applied consistently across the environment rather than configured piecemeal. There are very few capable options here, and it’s important to remember that because SaaS offerings in particular are being enhanced so often, backup software vendors are often held back in developing the required integration by the unavailability of the APIs. Complete coverage for every component of every SaaS product in use may therefore be impossible.

Where to store the data?

If on premise backup systems are not capable of dealing with data from end user devices or SaaS, the cloud is a strong candidate for storage, being quick to spin up and less hassle than on prem provisioning. In most cases pumping data into the cloud is from edge devices and SaaS is either free or low cost, but getting it back out is not. That said, typical day-to-day restore needs will not break the bank.

Public cloud tiered storage offers substantial savings for data that is pushed from warmer, more available tiers down to colder, archive tiers. The leading backup technologies make use of auto-tiering (‘lifecycle policies’ or ‘lifecycle management’) and offer broad configuration options to achieve the organisation’s preference in the trade-off between cost and availability.

Organisations face many new challenges now, but backup needn’t be one of them. If you think you do need help adapting your backup to the new world, contact us.

Barnaby Mote