Following a three-month delay due to coronavirus – and more than seven years after its enactment – the Protection of Personal Information (POPI) Act has finally come into force.Continue reading
As millions of people work from home to reduce the spread of coronavirus, the adoption of cloud computing, productivity and collaboration tools such as G Suite continues to grow at a pace.
Google’s G Suite bundle of software for businesses, schools and public sector organisations had more than six million paying customers in March.
When it comes to G Suite backup, establishing who is responsible for what is crucial, especially now that so much of the information stored is business critical and most importantly often the latest version of that data.
The responsibility for cloud security is shared between the software provider and the data controller/owner.
SaaS companies such as Google are highly motivated to avoid the bad publicity that would arise from any widespread events that portray their applications or underlying infrastructure in a poor light.
For that reason Google invests heavily in security infrastructure and security personnel to protect their reputation – the success of their business depends on it.
However, SaaS companies are not focusing on your users, your data – or any activities that threaten your capability to recover business-critical information:
In these cases, it’s not Google whose business is on the line if your actions have left you susceptible to these risks.
It’s down to you to fill in the gaps with a third-party backup provider – and the reason for that is clear when you take into account that data loss due to user error is the No. 1 reason organisations lose critical sales, marketing, customer, financial, and IP data stored in email and documents.
All organisations are required to hold records of current and historical data for litigation purpose and legal compliance.
Using Google Vault to create a litigation hold for retrieving past data from archives only works up to a point.
For instance, the ugly spectre of non-compliance arises if 20 days have passed and you are suddenly called upon to recover the data from a deleted user’s account. Put simply, the data will have disappeared.
Considering the average length of time from data compromise to discovery is more than 140 days, you have a worryingly little window within which to act.
If an administrator takes more than 25 days to discover that data has been mistakenly or maliciously deleted from the trash basket – he has no way of getting it back.
There are several reasons why users might delete a file:
The installation of some third-party apps provides gateways for hackers to steal or permanently delete files.
Users typically stay ‘signed in’ to many devices. If one of these is lost or stolen, it is possible for someone to wreak havoc, deleting shared data – and what if there is only the one copy?
For ransomware to infect a system, sometimes all it takes is for an unsuspecting user to download an email attachment – and if you sync your desktop data to the Google Drive associated with your G Suite account, the problem gets worse.
In January this year Google Drive suffered a server failure, leading to widespread service disruption all around the world. Users were left waiting for an hour before hearing they could again access Google Drive, including Docs, Sheets and Slides.
If business continuity is important, you need to be back up and running as quick as possible, not left at the mercy of your software provider’s ability to resume the service.
G Suite administrators have the option of making use of Google Vault, a web-based archiving tool, to retain, hold, search and export data.
However, Google Vault does not create a separate copy of the data, so when data is deleted from Drive, it’s deleted from the archive as well.
A separate backup can also help with the migration of data in the event of a merger or acquisition, a welcome benefit considering that studies have shown the failure rate of the process is as high as 38 per cent.
Google will do everything it can to secure your data in their services, but while cloud vendors can help accomplish part of your security and compliance goals, they aren’t going to take responsibility for all of it.
If organisations are to maintain compliance with the General Data Protection Regulation they need a separate backup strategy to protect data residing on laptops in people’s houses.
The issue is not just around timely recovery, but subject access queries which are going to be very hard to fulfil when data is spread so widely.
Protecting G Suite as part of a unified data management strategy puts all that important data in one place.
Redstor’s data management solution enables you to view cloud and onsite data in one place through a central management console, address e-discovery requirements and comply with GDPR by searching and actioning data wherever it is.
With one central, easy-to-use system there is also the benefit of being able to simplify and automate your data management and establish a consistent data protection policy across your whole estate.
Redstor can also back up any other data – whether that is from a customer’s primary infrastructure or other SaaS solutions such as Microsoft 365.
So if different data types need protecting, it does not follow that you need multiple different backup solutions.
Discover more about a pioneering technology that provides visibility and on-demand access to data, wherever it is stored, delivering backup and recovery, archiving, DR and Search and Insight through a single, centralised system.