The three most common cloud backup mistakes and how to avoid them

Cloud computing graphics.
(Image credit: Shutterstock / Blackboard)

Since cloud computing was first rolled out to the public it has been identified as a target for hackers. Bad actors will go after the largest players in the game, pulling down their defenses with apparent ease. Take for example, the instance in which AWS login credentials were stolen by a begrudged former employee and used to delete critical client accounts, which caused their ex-employer $700,000 in losses.

If such an attack sounds detrimental to your business, you can be reassured by learning from others’ past mistakes and recognizing the importance of backups for smooth business operations. Cloud backups are a critical line of defense against data loss; mistakes and oversights in a backup strategy are akin to self-sabotaging your safety net. By neglecting cloud backups business leaders compromise their sensitive customer data, losing customer trust and tarnishing the company’s reputation. Data breaches can result in legal ramifications and financial loss.

So, what are the common mistakes that transform backups from being an assistance to a hindrance?

Jon Howes

VP and GM of EMEA, Wasabi.

1) Failing to construct a well-considered strategy

Too frequently business leaders will substitute a carefully tailored cloud backup strategy for the ‘set-it-and-forget-it' approach. To ensure you are getting the most from your cloud service provider and that your backups are provided the best possible protection it is crucial to understand the nuances of cloud technology and its potential risks.

It may be tempting to go with the first big-name cloud provider at the top of your Google search but not all cloud providers are made equal. They differ in their security protocols, data handling practices, and recovery options so it is best to research which best aligns with your specific backup requirements as determined by your business needs.

A comprehensive cloud storage strategy will encompass regular reviews, frequent testing and adjustments for evolving business needs like changes to capacity, access methods or degree of security depending on new regulatory mandates.

Also important to consider is how frequently backups are completed. A happy medium lies between often enough to avoid data loss but not so regularly that you consume unnecessary storage space. Completing the backup is only the first half of the story; equally as important is the ability to restore that backup quickly and effectively to ensure operations are resumed with minimal disruptions.

2) Neglecting security measures

Once a tailored backup strategy has been decided upon it needs to be implemented within the most stringent security parameters. Over two thirds of businesses suffered a ransomware attack in 2023, according to research by Proofpoint, and backups are a favorite target for ransomware attacks as victims are more likely to pay the ransom if they are locked out of their primary and secondary backups. Hackers will often attempt to delete your backups so you cannot recover the data from them.

Without efficient security measures, your organization's data is left vulnerable to breaches— especially within today’s threat landscape spearheaded by AI. A single layer of security is no longer sufficient. A proactive approach is best when implementing security measures, building an impermeable foundation of protection as opposed to patching up the holes after the fact.

Encrypting your backup is essential to prevent unauthorized access. Similarly, by enabling multi-factor authentication (MFA) you can prevent unauthorized access even when log-in details are compromised. Also, immutable backups — that no user, administrator or third party can delete or corrupt — in the cloud are a proven ransomware mitigation strategy for ensuring that no one can alter or remove your data. Finally, security conscious cloud providers are beginning to develop and offer multi-user authentication (MUA), meaning that if a hacker attains the account holding the immutable backups, they won't be able to delete your stored data without additional authorization from your chosen security contact.

Only by combining encryption, MFA, immutable backups and MUA can you rest assured your organization's data is protected with the most secure tools available, that you have a secure backup you can reconstitute back to your production servers after a cybersecurity incident or accidental data loss, and that you won’t have to pay any ransom.

3) Overlooking storage capacity

A common oversight by cloud users is overestimating the capacity of their storage. Customers are easily misled into thinking that the cloud, and therefore their backups, are limitless. In reality, your backup capacity is capped by your budget. Naivety around storage capacity can lead to data loss when the limit is reached, as well as unexpected, additional cost when trying to secure extra space at the last minute.

To avoid this you should forecast growth, understand your company’s capacity requirements and predict if and when that will ebb and flow. Forecasting not only ensures you have enough space for continuous backups, but on the other end of the spectrum also means you avoid paying for unused space and wasting your company’s resources.

In summary

It is safe to say that cloud backups can make or break a business. Knowing the common mishaps and counteracting them with vigilance will help to not only protect your organization against bad actors and accidents, but also ensure you’re getting the most out of your cloud provider. By thoughtfully constructing a strategy tailored to your business needs, that proactively incorporates security measures and considers capacity requirements, you can sleep easy knowing your organization's information is protected.

We list the best cloud storage management service.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here:

Jon Howes, VP and GM of EMEA, Wasabi.