Call for 24/7 assistance 800-388-1266

Are Public Cloud Providers Responsible for Data Loss?


Are Public Cloud Providers Responsible for Data Loss?

In the digital age, where so much of our invaluable data lives in the cloud, it's easy to fall into the trap of assuming that our information is impervious to loss or corruption. However, the reality is far from this misconception. I have long emphasized the critical importance of taking responsibility for the safeguarding of the data we entrust to the cloud.

Cloud Storage Convenience Comes with User Responsibility

Cloud storage has obviously revolutionized the way we manage and access our data. From business documents, cherished memories captured in photos, to other important personal files, the convenience and accessibility offered by cloud services have become integral to our daily lives. I’m using a cloud service to write this very article! But herein lies a fundamental truth that is often overlooked: the responsibility for backing up this data ultimately rests with the user.

My podcasts and articles have always echoed this sentiment, underscoring the need for a proactive approach to data protection. The assumption that cloud service providers are an infallible fortress for your data is a perilous misconception. While they may offer robust security measures and redundancy, they do not absolve users of the responsibility to implement their own backup strategies.

The Overlooked Importance of Personal Data Backup

One of the key tenets of my philosophy is the concept of the shared responsibility model. While cloud service providers manage the security and availability of the cloud infrastructure, users are responsible for securing their data within the cloud. This delineation is pivotal in your understanding of who should do what. The infrastructure is theirs, but the data is yours; protect it the same way you would if it was on your own hardware.

Shared Responsibility in the Cloud

A data backup concept showing a robust backup strategy across multiple devices and services

Think about the scenario where a cloud service experiences a rare but catastrophic failure or a malicious attack. Without a comprehensive backup plan, the consequences can be devastating. Data loss, downtime, and the potential for unrecoverable information are all risks that can be mitigated with a robust backup strategy.

Consider, for example, the ransomware attack on Rackspace last year that left hundreds of customers without their data for months. While the vendor made an effort to get customer’s data back, their efforts took months, while their customers were left without their data. KPMG accidentally deleted over 150,000 users’ private chats in Microsoft 365, through a misuse of a data protection feature (retention policies). They learned very quickly that Microsoft had no backup of that data. There is also the story of Musey, Inc, whose admin accidentally deleted their entire company’s google drive and all of their intellectual property. The company tried suing Google, but later withdrew the lawsuit. As of this writing, several hundred Google Drive customers say they have lost all files put into the service since May of 2023 (seven months of data). There is no word from Google on when or if this data may come back. How many stories like this must people hear before they realize that backup is their responsibility?

Embracing the 3-2-1 Backup Rule

Another important concept is the 3-2-1 backup strategy, which entails having three copies of your data, stored on two different media, with one copy kept offsite. It’s considered by many to be the absolute bare minimum required for a backup. Applying this principle to cloud data underscores the need for getting at least one copy of your data outside the control of the service where it is being stored. If all copies of your data are in the cloud provider, how is that in keeping with this most basic definition of backups?

One additional thing to think about are the legal reasons why backup and recovery is your responsibility. Take a look at the user agreement for any cloud service you use. Look for words like backup, recovery, ransomware, cyberattack, etc. Look for anything in that agreement that suggests that the vendor says they are backing up your data. I’ll bet you won’t find anything. The one exception is if the customer offers an independent backup service that you pay for, but that is a very small number of companies.

Cloud Data Protection: Your Responsibility, Your Choice

It’s pretty straightforward that the responsibility for safeguarding your data in the cloud is yours. Whether you choose to implement a robust backup strategy independently or leverage a reputable backup service, the onus remains on you to ensure the integrity, availability, and recoverability of your critical information.

In summary, all of your data in one place has always been a bad thing. Nothing in your contract says cloud vendors are backing up your data, and there are many stories proving that you are on your own when it comes to protecting your data in the cloud. I really don’t want to say I told you so, so… please take a moment now to look into protecting your cloud data.

W. Curtis Preston, Author & Podcaster
Article by

W. Curtis Preston, also known as "Mr. Backup,” is the author of three O'Reilly books and the founder/webmaster of backupcentral.com, a site dedicated to backup & recovery for over 20 years. He is also the host of the independent Restore it All podcast. He is currently the Chief Technical Evangelist at Druva, Inc, a data protection as a service company.

Need Our Professional Services?

Related Articles

;