Trent Odgers, Cloud and Hosting Manager for Southern Africa at Veeam, looks at the role of data protection in a multi-cloud strategy.
For all its benefits, adopting a multi-cloud approach in the digital business landscape does not come without risks. Given the importance of safeguarding data amidst evolving regulatory requirements, companies can ill afford not to integrate data protection in their strategies. With the need for data availability and analysis at an all-time high, decision-makers need to ensure that their multi-cloud approach reflects this accordingly.
But what does a multi-cloud environment entail? The answer might surprise many. In fact, companies who have on-premise infrastructure (private cloud) and use a productivity suite like Microsoft Office 365 (public cloud) are already on a multi-cloud without even knowing it. Once they realise this, they can start changing their approach and adopt a more effective multi-cloud strategy.
In South Africa, many companies are looking at either reducing or eliminating tape backups from their environment. The smarter and leaner cloud providers are identifying ways to capitalise on this growth. This migration will not only improve the customer experience, thanks to the better availability of data, but also ticks the regulatory boxes in terms of data storage and business continuity services.
Yet, the multi-cloud is not a silver bullet that can fix all availability challenges. Things like data storage, control, backup, continuity, costs, complexity of implementation, and so on all need to be considered especially given how the service offerings from cloud providers differ. Decision-makers therefore need to examine the benefits and disadvantages of the various providers. Fortunately for organisations, there is a lot of competition in this space both from local offerings and international ones, with Microsoft Azure and Huawei Cloud now having a local presence and Amazon Web Services set to open new data centres in the first half of 2020.
The evolving regulatory environment has also had a massive impact on multi-cloud and even cloud strategies. The complexities around data governance need to be carefully considered in an age of the Protection of Personal Information Act (POPIA) and the General Data Protection Regulation (GDPR). Again, organisations need to review how best a cloud provider can fit into these requirements and help them achieve compliance.
Secure your data
Of course, one of the most critical elements in any approach, whether multi-cloud or single cloud, must revolve around security. Companies need to ask themselves how easy it is for a person to access their data. More consideration needs to be applied to access and control. For example, single authentication is no longer an option. Instead, businesses need to adopt triple authentication, penetration testing, and adopt different profiles for users when they are in the office and for when they access data remotely.
Security needs to be continually reviewed, monitored, updated and adapted to the current needs of the organisation. Irrespective of the cloud approach, the weakest link in the security chain is still often the employees themselves.
This is where user education must be driven from the top down. Just because the data of a company is in the cloud does not mean security can be ignored. And even if the business has the best security solutions in place, they mean very little if the data is not backed up and available when disaster strikes.
The multi-national data centres arriving in South Africa will not fundamentally change any of the rules associated with the cloud and data security. Instead, companies should put in place an action plan to ensure they are ready for this new cloud dynamic.
The road ahead is going to be even more focused on data availability, retention, backup, and continuity than before. And throughout this journey, security will be integral to all of it.