You wouldn’t brush your hair with a rake, would you?
When it comes to endpoint data protection solutions, it’s important to understand the available tools so you don’t get left holding an empty bag when you need to recover data following an incident.
Every organization should have a data resiliency plan in place that is focused on recovery and continuity of your critical business operations and systems when things go wrong. Data resiliency is a core element of most industry security frameworks, think FISMA, ISO 27001, NIST, GDPR, GLBA, SOC2, PCI…I could go on but you get the picture.
With the rise of ransomware attacks; regulators and auditors are placing even more scrutiny on data resilience capabilities and plans both from a proactive data protection standpoint as well as a reactive standpoint (an organization’s ability to recover and resume operations quickly and effectively when impacted). Internal and external stakeholders such as your board, regulators, auditors, and your customers expect/require that you have appropriate data resilience capabilities and plans in place to recover and resume operations with minimal impact and data loss.
Auditors and regulators will ask you about your data resiliency program and your backup and recovery capabilities, along with requests for evidence and testing. You will never get questions from regulators, auditors or customers on your collaboration program, why? Because they don’t care. Cloud Collaboration Platforms (CCPs) are not a part of your data resiliency program. Put bluntly; they are not true backup. As the name implies, they are collaboration focused primary storage solutions, however in the quest for tool consolidation the CCP vendors surely want you to forget that.
Don’t get me wrong, collaboration tools are really important for COLLABORATION. They have a primary focus on enterprise productivity and efficiency which are important goals for organizations today when attempting to move faster at scale with a distributed workforce, but they are not data backup solutions for small businesses or enterprises. So, my question to you is, why would you use a tool designed for collaboration as part of your data backup and recovery strategy? Would you use a wrench to drive a nail? Or use a rake to brush your hair?
CCPs and endpoint backup are two distinct solutions designed to solve two distinct problems. True enterprise endpoint data backup is built to cover all endpoint data without relying on user interaction—automatically securing that data and enabling fast, reliable and complete recovery. In contrast, CCPs are built to synchronize a specific, user-designated subset of endpoint data — the same features and functionality that define CCPs become their greatest liabilities when used in place of a true endpoint data protection solution.
The Danger of Substituting CCPs for Endpoint Backup
Many businesses are making the understandable-if-misguided calculation that OneDrive, Google Drive, or Box offer a “good enough” stand-in for a data backup and recovery solution. This decision leaves the business open to a wide range of risks that can be mitigated through a purpose-built endpoint backup tool.
Incomplete backup set risk
CCPs fail as an endpoint backup solution at the most basic level. They don’t automatically backup all important user data on endpoints. Instead, CCPs rely on all of your end users to save all of their files to the CCP solution which increases the risk that critical files are not backed up.
Operational overhead risk
Rather than automatically backing up data, CCPs require end users to follow workflows to ensure all endpoint data is backed up. This is another series of steps that end users have to follow and work into their daily routine which impacts their productivity, slows their work and introduces a higher likelihood that some files may not be backed up.
Availability risk
When an end user accidentally deletes a file from a shared space, it’s deleted for all users. CCPs have short recall windows—from days to a few weeks—but the data is gone for good if the error isn’t discovered in time, and restoring all files at scale to a given recovery point is effectively impossible.
Data redundancy risk
Leveraging a CCP as primary storage decreases the resiliency of your data. A backup by definition is a second copy of existing, working data. By using a CCP for the working file storage (even assuming redundancy within the cloud solution) you have only one copy of the file data.
Data residency risk
Finally, many CCPs give minimal configurability when it comes to data storage location. Existing and expanding data-privacy and sovereignty legislation means that knowing where your users’ data is stored is a core compliance requirement.
Dedicated Endpoint Backup is Critical to Business Continuity and Data Resiliency
As the business world continues to take full advantage of cloud-based productivity applications, it is easy to be tempted to shoehorn CCPs into the role of an endpoint data protection solution.. But the inherent limitations of doing so lead to serious business costs when things go wrong. With a true endpoint backup solution in place, enterprises can work to maximize the potential of cloud-based file sharing and collaboration while ensuring comprehensive data backup, data security, and guaranteed data restores which lay the foundation of a robust business continuity plan.
About the Author
