Welcome to the April edition of our Monthly Compliance Focus! This month, we are focused on backups and protecting your company data.
Did you know that Microsoft and Google follow a Shared Responsibility Model? This means the provider ensures the availability and resilience of the cloud platform, but the customer is responsible for protecting and backing up their own data.
Microsoft makes it explicit that regardless of what cloud platform you are using (i.e. Microsoft 365 or Azure etc) the customer always owns its data, including how it is classified, protected, and retained.
The key message is this: the cloud ensures your systems are always on, but it does not automatically ensure your data is backed up the way your business requires.
Whether you are using built-in tools, third-party services, or organisational governance, data recovery remains firmly your organisation’s responsibility.
Backups are different from the guarantees that cloud services give about staying online. An uptime guarantee (or SLA) simply means the service, like your email, should be available most of the time, even if there’s an outage.
However, this does not protect your actual data. Backups are what protect you from things like accidentally deleting files, someone deleting them on purpose, ransomware attacks, or mistakes made when changing settings.
There are many vendors out there that provide resiliency backup capability. They can connect backup cloud platforms, including Microsoft and Google, to their backup platforms. This ensures that if disaster strikes, your critical data is protected and recoverable.
Other platforms that run in the cloud, such as line of business applications i.e. Xero, Leap etc, tend to have a backup solution in place just for their systems. If you are concerned about this it is best to reach out to your vendors and find out what their backup policy and procedures are.
Another thing you need to consider is any data governance or compliance requirements your organisation may have. These may include data retention periods for backups, or GPDR Compliance if you trade with European organisations and process any information of individuals in the EU. Make sure that any requirements are known so that any backup solution can be configured to meet your needs.
Backups function much like an insurance policy: you hope you never need them, but when something goes wrong, they become invaluable. We already know it’s far less costly to pay insurance excess than to cover the full cost of replacing your vehicle after an accident. Well, the same principle applies to business data.
Having reliable backups means that, in the event of data loss, you can simply engage your service provider to perform a restore, rather than losing productivity and spending countless hours trying to reconstruct critical information. In today’s digital environment, backups aren’t optional for risk mitigation, they’re essential for business continuity.
If you have any questions or concerns around data backups and protection of your Google or Microsoft platforms, please reach out to us. We can review your current IT systems and recommend any solutions to ensure your data is protected and in line with your compliance requirements.
For support with your data backups strategy, please contact your Myrtec Customer Success Manager!
