Data Retention

The need to back up your cloud apps

Data loss challenges every business.  Data is the lifeblood of every business and there are countless ways to lose it.  We all know what happens when a workstation or servers fail or are breached, vital data is often lost with serious side effects.

With so many small- and medium-sized businesses moving their data to the cloud in droves, I think it’s important to have a conversation around what happens with your data in most cloud apps, primarily with regard to their data retention policies.

Understanding the retention policies of leading cloud services is more important than ever.  First, let’s look at what a retention policy is and how it works.  A data retention policy, or records retention policy, is an organization's established procedure for retaining information for operational or regulatory compliance requirements.

When establishing a data retention policy, organizations need to determine how to:

·         Organize information so it can be searched and accessed at a later date

·         Dispose of information that is no longer needed

While it is common for an organization to establish its own data retention requirements, there are certain data retention laws that must be adhered to. This is especially true for organizations operating within regulated industries. For example, publically traded companies within the U.S. must establish a Sarbanes-Oxley Act data retention policy. Similarly, healthcare organizations are subject to Health Insurance and Portability and Accountability Act (HIPAA) data retention requirements and organizations that accept credit cards must adhere to a Payment Card Industry Data Security Standard (PCI DSS) data retention and disposal policy. Retaining data is not enough. Federal laws commonly require organizations in regulated industries to create a documented data retention policy and follow certain guidelines.

Now let’s shift the focus to business productivity applications and what happens to your data within most cloud apps.  What is the data retention policy of your cloud app?  As cloud-based SaaS applications become more popular with business users, an unfortunate reality has set in: data in the cloud isn’t always as secure as you think.  Unfortunately user or admin errors, accidental deletion, malicious hackers, or lack of proper data retention features and services can leave critical business data vulnerable to data loss.  The cost to an organization that experiences data loss is significant.  Eliminating user error and other causes of data loss is unlikely. 

The retention policy of most cloud based apps like Office 365, Google Apps, Salesforce, Drop Box may not meet the data retention expectations or requirements of most small businesses or even individuals for that matter.  Here are some examples of standard retention policies of some of the leading cloud services; 

·        Office 365 SharePoint - 30 days

·        Office 365 Exchange 30 days

·        Office 365 OneDrive for Business - 93 days

·        Salesforce - 15 days

·        Gmail - 30 days

The concern is that most people view these services as a backup, they think the data is perfectly safe with these big name cloud services.  Again, we are not concerned with the service providers themselves losing data as we are with the end user.  A disgruntled employee, a hacker or just an honest mistake by an admin or the end user themselves could delete important data forever.  Having the ability to restore data within these cloud apps is something every organization needs to be giving serious consideration to.

Yes, we are talking about the need to back up cloud app data as well as local app data.  A cloud data protection solution ensures that data within these applications is backed up and recoverable.  A cloud-to-cloud backup backs SaaS data up to a second-site or as we like to call it a Safe Haven cloud.  A good cloud-to-cloud backup service allows for full-text searching, archiving, restoration, monitoring, reporting and retention of data.  No matter the threat to SaaS data, a good cloud-to-cloud backup service ensures recovery of important data.

Meridian highly recommends implementing a cloud to cloud backup data strategy for all cloud solutions including those referenced above.