boscorelli - Fotolia


How to protect data in the cloud

Take a look at three backup methods -- on premises, cloud to local and cloud to cloud -- and find out the pros, cons and cost of each.

With today's organizations increasingly moving toward a cloud-first, cloud-by-default or cloud-only operational model, it is hardly surprising that vast quantities of data are being stored in the cloud. Like data that is stored on premises, cloud data needs to be protected against loss. As a general rule, cloud service providers do not perform backups on behalf of their subscribers. Fortunately, there are a variety of techniques that can be used for cloud backup and data protection.

Local (on-premises) backups

One option for protecting your cloud data is to perform on-premises backups. This approach uses a backup server to copy cloud data to an on-premises backup target. The backup server can either reside in the cloud, or locally in an organization's own data center.

The primary advantage to using this approach is that, because the backup resides locally, the organization has full control and ownership of the backup. As appealing as this might be, there are some rather significant disadvantages to using this approach.

One of the main disadvantages is that the organization incurs the cost and complexity of maintaining an on-premises backup infrastructure. This means making a substantial investment in storage hardware, backup licenses and the supporting infrastructure. There are also ongoing support and maintenance costs to consider.

Another significant disadvantage to using this approach is that, depending on the volume of data being backed up, the backup process can put a considerable strain on the organization's available internet bandwidth.

A comparison of three backup methods
Local, cloud-to-local and cloud-to-cloud backups each have their pros and cons.

One more disadvantage to consider is that restoration operations can be time-consuming because the data is being restored over an internet connection. An organization must consider whether it will be able to restore a local backup to the cloud quickly enough to be able to honor its service-level agreements.

Those organizations that like the idea of having a local backup of their cloud data should consider creating a cloud backup and then replicating it to an on-premises backup target. This approach provides greater redundancy than simply backing up data to a local backup target. More importantly, it places the primary backup closer to the protected resources, thereby reducing the amount of time required for a data restoration.

Cloud-to-local backups

Another option for protecting an organization's cloud data is to perform a cloud-to-local backup. A cloud-to-local backup is one in which the backup target resides within the same cloud as the data that is being protected. Like on-premises backups, there are both advantages and disadvantages to this approach.

The greatest advantage to performing this type of backup is its simplicity. Because the backup resides in the same cloud as the data that is being protected, there are no complex gateway traversals or external permissions to worry about. Furthermore, the backup costs are rolled into the cloud services bill that you are already paying.

Another advantage to performing cloud-to-local backups is that the costs can be substantially lower than that of backing up data to a target residing outside of the cloud. The reason for this is that an organization may be able to avoid costs related to internet bandwidth and data egress fees.

An organization should choose the data protection method that best suits its own data protection requirements.

Cloud-to-local backups also allow data to be restored very quickly because the backups are in the same cloud as the protected resources.

Of course, there are disadvantages to cloud-to-local backups. First, they cannot be used for all types of data. While IaaS clouds generally allow for cloud-to-local backups, SaaS clouds do not. If an organization needs to protect SaaS cloud data, it will have to use a cloud-to-cloud backup or an on-premises backup.

Another disadvantage is that cloud-to-local backups do not protect an organization's data against a cloud-level failure, a cloud security breach or a provider that simply goes out of business. If an organization wants to perform cloud-to-local backups, it should back up data to a different region, so as to create a layer of isolation between the protected data and the backup. Even regional separation, however, does not guarantee protection against a cloud-level failure.


One more option is to perform a cloud-to-cloud backup. This is where an organization's cloud data is backed up to a target residing on another provider's cloud. If an organization stores its data on the AWS cloud, for example, then it might back that data up to Microsoft Azure.

The main advantage to this approach is that it provides true isolation against cloud-level failures.

Cloud-to-cloud backups are generally more expensive than cloud-to-local backups because of the data transfer fees. It is also worth noting that a cloud-to-cloud backup can be complex to configure. It typically requires the creation of cloud gateways and the mapping of permissions across clouds. However, if an organization is already using a multi-cloud model for other services that it hosts in the cloud, then most of the required infrastructure may already be in place.

On-premises, cloud-to-local and cloud-to-cloud backups each have their own unique advantages and disadvantages. An organization should choose the data protection method that best suits its own data protection requirements. The best protection however, comes from combining multiple data protection methods. An organization might, for instance, perform a cloud-to-local backup, but replicate the backup to another cloud.

Next Steps

What are some public cloud backup options for better data protection?

6 best practices for choosing a cloud backup provider

Dig Deeper on Cloud backup

Disaster Recovery