Cloud adoption is in the fast lane and is gaining momentum every day.  We’re not even halfway through 2019 and cloud usage is already 15% higher than it was last year.  This brings up an important question that many IT organizations grapple with. 

Do data protection solutions like Backup and Archiving still make sense in the cloud.  If you are using a reputed and trusted cloud vendor, isn’t it natural to assume that your data is automatically protected from any losses?

We’ve talked to a number of customers and found that there are several reasons that they still need to deploy their own data protection mechanisms even when data is in the cloud

It’s Still Your Data

Almost all cloud vendors work in a model called the Shared Responsibility Model.  This means that, as part of their job of hosting your infrastructure or your application, while they make take ownership for certain tasks, it is most likely not the case that they will take responsibility for data losses.  That is still something the customer remains responsible for.

Here is a useful chart of how the shared responsibility model works depending on the level of service the cloud vendor is providing you.  Almost invariably, data protection remains a customer responsibility.

Apart from the agony and frustration of having to recover lost data, there is also the matter of compliance.  When using the cloud, the organization to which the data belongs is termed the data controller.  The cloud vendor is called the data processor.  The data controller is always held to a higher standard of accountability by regulators and is usually the one that is penalized or fined for data breaches or losses.

Lock-in that locks You Out

Another interesting reason we’ve found that organizations implement their own data protection mechanisms is for the simple reason that they don’t want to place all their eggs in one basket.  They want the ability to have a redundant copy of their data sitting in another cloud – so, they don’t have to feel locked-in or leveraged in the event of a disagreement with the cloud vendor.  It is simply a prudent business practice to follow.

Retention Requirements

One more reason we’ve seen organization implement their own backup or archiving mechanisms is to satisfy retention requirements for audit reasons.  SaaS services many times will have limits on the amount of data they can/will store for each user – e.g. how many emails, or going how far back, or xx GB of storage per user, etc. If these limits are breached, the SaaS service automatically makes older data unavailable.  Some of them do provide enhanced storage limits – but at a steep cost.  Many customers prefer to perform their own archive in an alternate cloud of their choice – on their own terms.

Let us know what you think.  Are there other reasons you’d want to have your own data protection mechanisms?  Write to us – we’d love to have a conversation.

When you make your next big cloud move, it wouldn’t hurt to keep these three points in mind and make the best of the available resources. After all, the sky is the limit if you’re on the cloud!