For many businesses, cloud collaboration platforms (CCPs) such as SharePoint or Google Drive are a tempting alternative to dedicated endpoint backup because they have some superficial resemblances. One example is that most of these platforms provide file versioning that looks and feels secure, in which the user can look at previous iterations of a shared document and restore them to some preferred iteration if need be. But, unbeknownst to most casual tech users, there is a hard limit on backup utility that most CCPs run up against rather quickly. The fact is, using CCPs as a primary backup tool for recovery when things go wrong is unsuitable and risky. While some MSPs may take a “laissez-faire” approach to letting this misuse go on unchecked, doing so won’t just hurt their customers — it will also hurt them as the stewards of their customers’ IT strategies. Let’s unearth five hidden risks of using collaboration tools for backup and recovery purposes, as well as the best possible strategy an MSP can take to avoid them and provide better protection for their customers. #1. Compliance risks Backup often isn’t simply a matter of good policy or sound data protection and resilience. In many cases, backup is a matter of compliance. For some industries that handle sensitive data, such as healthcare records, data backup and recovery is mandated by HIPAA. Frameworks such as PCI, SOX, ISO 27001 and GLBA have similar requirements for backup and recovery, and SOC2 focuses on data availability, integrity and confidentiality of the data. Though the consequences of non-compliance may vary, there is a prevailing requirement for data protection and resilience. CCPs do not meet these standards and, more importantly, are not sufficient tools for risk management and data recovery when things go wrong. The reason for this is simple, they aren’t designed for data resilience and recovery; they are designed for collaboration and should not be solely relied upon as part of your customers data resilience strategy. #2. Data retention policies Many CCPs come with data retention limits — in other words, a circumscribed amount of time for which a user’s data will be kept by the platform. After this period expires, files are often deleted automatically. These policies often have some flexibility within the platform’s settings, but this places onus on the user to monitor them and ensure that important data is retained. #3. Incomplete backup In addition to limited data retention capabilities, CCPs have an inherent limitation in that they are reliant on users uploading documents manually to the interface; this limitation can result in incomplete backup sets when needed for recovery. So, while CCPs data retention policies circumscribe your data within a set time, this risk has more to do with the amount of data that CCPs backup, in other words, completeness and availability. It’s never all the data that a business will need to recover in the event of disaster. CCPs use a model of file storage that is inherently limited and selective — only certain files get shared to the platform, never all files. What this means is that, if a CCP is being used as a backup and recovery solution, only those files shared to the CCP can be recovered. This can represent a significant gap for your customers and may not be realized until they need to recover, and then it will be too late. #4. User reliance Purpose-built backup and recovery solutions don’t depend on the user actions to work, they automatically backup every file and version. CCPs rely heavily on users to follow manual processes that are unrealistic and counter to user productivity. Using a CCP as a backup solution usually requires a substantial investment in education and overhead to ensure that processes are being followed by every user across the organization every time. And in the unlikely event that every user is strictly following the manual process every single time, there’s no guarantee that these pieces of information (which are vital for a successful backup strategy) will be available for recovery over the long run. And that’s risky business. Five risks hiding in cloud collaboration backup and how MSPs can prevent them A Bad Backup Plan AT YOUR SERVICE: XaaS By Todd Thorsen 42 CHANNELVISION | MARCH - APRIL 2024
RkJQdWJsaXNoZXIy NTg4Njc=