Fotolia

Cloud-to-cloud backup: When native cloud protection is not enough

There is a certain amount of protection built into cloud services, but it has its limits and full data protection requires that cloud data is secured with cloud-to-cloud backup

Businesses that opt to store data in the cloud do so for its resilience, as well as lower cost.

Cloud infrastructure providers can invest in higher standards of security, hardware redundancy and business continuity than most end-user organisations. After all, running the service is the cloud provider’s business, and reliability is essential to its success.

But using the cloud is not without risk. That is why you need to look at cloud-to-cloud backup.

Cloud providers are not immune to outages, or to cyber attacks. And cloud infrastructure, platform and SaaS (software) services typically only protect their own data and infrastructure. They will not back up or recover an individual business’s files, databases or virtual machines unless the customer specifically buys those services.

So, if organisations want comprehensive backup and recovery for their cloud infrastructure and applications, they need to set those up separately.

What is cloud-to-cloud backup, and why it is needed?

Cloud providers secure their own systems and data as part of their own business continuity planning. However, their direct support for customer data is limited.

Some cloud service users – wrongly – believe that the cloud offers backup and data protection. It is more accurate to say that the cloud offers resilience and reliability – levels of reliability and availability can exceed those most that organisations can build themselves. But they do not, as standard, offer the granular backup and recovery services that firms need to recover lost files or restore applications.

“Look at the SLAs [service-level agreements] for what the cloud provider actually guarantees,” says Tony Lock of analysts Freeform Dynamics. “It doesn’t say that they guarantee your data is not going to have problems. They will try to protect their whole system, but they are not going to look at your specific data.”

IT teams can, of course, make local backups of cloud files and store them on on-premise hardware. And software-as-a-service offerings, such as Microsoft 365, work with tools such as OneDrive to provide at least some basic protection if they are configured correctly. But these do not provide all the resilience that enterprises need.

There is now a growing market for cloud-to-cloud backup services, with options ranging from the simple and DIY to comprehensive backup plans capable of handling terabytes of data across multiple clouds.

Cloud-to-cloud backup services work by copying data already in the cloud, to cloud storage.

There is already a well-established market for backup from on-prem to the cloud, with backup and archiving one of the primary use cases for cloud storage.

Both backup tool and cloud storage suppliers are extending this into tools and services that copy customer data directly to a secondary cloud location. Most do this seamlessly, with the option to pick one or more cloud storage services as the backup target.

Read more on cloud data protection

Of course, IT teams could design and run their own cloud-to-cloud backups, using scripts and cron jobs.

“You might have people who are building their own services, and have data in one cloud,” says Lock. “They want it in another cloud. The other cloud might be just in a different geographical region. It could be for latency issues. It could be even that you just want to make sure that not all your data is in one cloud provider’s basket.”

Lock says CIOs will want another copy of their data, with the service provider, locally or with another cloud storage supplier.

“If it’s things that you’ve built yourself, you might have the means for doing granular recovery to another location by doing mass data transport, or moving only changed instances, or you could use commercially available data protection software,” he says.

But using a commercial service has the advantages of consistency, because most can handle on-premise and cloud data, and support modelling and testing.

Cloud-to-cloud backups should have another advantage – speed. Because the data is already in the cloud, there is no need to find physical media and recover from it. Also, the backup provider will be able to restore data to a cloud production environment, and even start the process of creating new backups in a separate instance or with a different provider.

IT departments can run the whole process from a single interface, so in a worst-case scenario, they should be able to restore services with nothing more than a laptop and internet connection.

Limitations of cloud-to-cloud backup

Cloud-to-cloud backup can, however, be costly and complex, especially for multicloud deployments.

The biggest costs associated with cloud backups are data egress fees, charged when data is downloaded or copied from the cloud storage location. For rarely used “cold storage”, this cost is manageable. To recover an entire production environment, potentially from/to multiple clouds, it can add up.

“Usually storage costs are low, but sometimes recovery costs can be quite high,” says Lock. “Therefore, make sure you read the small print.”

A further cost is the recovery environment. If an organisation needs to recover data from the cloud to another provider – perhaps in the unlikely event that their production cloud service fails – they face paying for new instances of compute and network resources as well as storage. These costs may well be lower than on-premise hardware and cloud services will certainly be quicker to stand up, but they do need to be planned for.

Firms also need to allow for upgrades to their backup and recovery tools, or potentially migrating to a new tool if their current package does not support cloud-to-cloud backup.

And in the case of recovering to a separate cloud, the speed of network connections can be an issue. CIOs should test this to check whether they can meet recovery time objectives (RTO).

Regulations and compliance

Done carefully, cloud-to-cloud backup should not raise any regulatory issues beyond those that apply to the production environment.

However, firms will need to ensure the backup target meets the security and compliance requirements attached to the original data. So will the recovery environment. PCI-DSS data, for example, will need compliant backups. And data covered by the General Data Protection Regulation (GDPR) needs to be stored in an appropriate physical location.

This is another reason for choosing a specialist cloud-to-cloud backup tool. They give granular control over backup and recovery, including geography.

Cloud-to-cloud backup vendors

A range of backup vendors now offer cloud-to-cloud services. These include Acronis, Asigra, Barracuda, Cohesity, Commvault, Datto (which now owns Backupify), Druva, Veritas and Veeam.

AWS, Azure and GCP also offer backup technologies that can be configured to work on a cloud-to-cloud basis, particularly within their own infrastructure.

Read more on IT governance