Backups in the Cloud Era

More and more companies are moving to cloud services like Office 365 and G Suite each year, and many of them are under the impression that moving to the cloud means they no longer need to take backups.  The reality is that these services operate under a “Shared Responsibility Model” that puts the onus of ensuring your data and configurations are backed up on you.  This is important not just for the occasional accidental file deletion but also for major breaches and attacks.

A system like G Suite vault might allow you to view and restore previous versions of a file within G Suite, but a malicious actor can easily circumvent that and make the default restore process useless while also targeting all your current files.  The fact of the matter is that if someone has gained access to your cloud service, they’ve most likely gained access to everything including any built-in backups.

It’s also important to remember that it’s not just files in these cloud systems that need to be protected, attacks targeting services like Azure and Intune configurations can directly affect your business and lead to entire teams being unable to work just as if it was onsite infrastructure.  Intune can end up storing a massive amount of computer policies and configuration settings and the service currently doesn’t have any official means of backing up that data besides a single PowerShell module that is not well documented.

In a perfect world these types of attacks would be stopped before ever reaching this point, but in any company that does get attacked having backups of your cloud configurations can be the difference between being restored within hours vs being at the mercy of a foreign hacker and down for several days as you rebuild from scratch.

We are also seeing more instances of attacks that target companies’ onsite backups and even attempting to target offsite storage at the same time and that’s why it is more important than ever to keep your backup infrastructure segregated.  Whenever possible your onsite backup systems should be off the domain and using separate and unique credentials, ideally segregated from the rest of the network.  The same goes for offsite backups and cloud services backups, ideally, they would be housed in a completely different cloud service than your main infrastructure.  If a malicious actor gaining access to your network and systems also gives them access to destroy all your backups, then those backups are not really fulfilling their purpose.

With cyber-attacks getting more sophisticated and targeting more services it is crucial to make sure you are backing up all critical data and configurations regardless of their location, but it is just as important that those backups are secured and segregated from the rest of your company so that they can still be used even if everything else is lost.  That is what we would describe as true disaster recovery.