How are the cloud backup services for your enterprise workstations working out? What, you don't use cloud backup services? That may be how IT operates, but odds are your users are taking advantage of desktop cloud backup and syncing services offered by Mozy, Carbonite, iCloud and SkyDrive. You can't afford to be out of the loop about this.
The whole workstation backup situation is quite difficult, even downright perplexing. In most of my information security assessments, I find that users have no reasonable means to back up their desktops or laptops. It's usually one of four things:
- Users (or IT or management) assume that there's nothing of value on their workstations.
- They have no backup software or place to back up data, such as to a network drive or external hard drive.
- Workers have backup software that requires them to be connected to the enterprise LAN, but they're rarely in the office, and backups never happen.
- They have desktop backup software that's supposedly doing something, but they have no idea if their critical work and personal data are being protected.
Ignorance is bliss for many, but for those who have been burned, there's a reasonable understanding of the importance of consistent desktop backups. But what do users do if IT doesn't provide them a solution? They do it themselves. Thanks to marketing hype from talk show hosts and an inundation of ads, users are moving their data -- and your business's data -- to the cloud, whether you like it or not.
This cloud backup craze is a side effect of the bring your device (BYOD) trend. Simply put, users have put personal data on their fancy new discount desktops, laptops and tablets they don't want to lose. These devices also house files, databases and emails containing intellectual property and personally identifiable information that businesses can't afford to lose.
Cloud-based backup services are relatively mature, and there's a reasonable level of trust and security if the data is truly encrypted and protected with a strong passphrase. Independent data center audits and penetration testing of the Web front end are an extra plus that I always look for.
The problem is that users are calling the shots, making life more difficult for those in IT responsible for managing desktop backups. Regardless of how hard it may be, it's still a business problem that needs IT attention.
More on desktop backup and endpoint management
Don't overlook these desktop backup tasks
Microsoft Office 2013: What we know about the suite so far
What are the limitations of cloud backups?
Rather than leaving it to users to decide if, when and how their workstations are backed up to the cloud, it's up to you to help establish some standards and policies that everyone knows about and abides by.
It's not going to be 100% foolproof, but if you give users some desktop backup options, you can streamline the process, minimize headaches, and mostly reduce the security and regulatory compliance risks to business systems and data.
Here's what you can do. Determine the most reasonable technologies for backing up to the cloud. Consumer-grade cloud backup services and "drives in the cloud" will likely work. Just consider vendor reputation and the need to ensure the pillars of confidentiality, integrity and availability. If your organization is large enough or you have a lot to lose, you may also want to consider some of the more complicated cloud security concerns.
Also, consider whether you want to back up entire workstation drives or simply all business and personal files. The last thing you want to do is have your desktop cloud backup service constantly clobber your Internet connection.
Finally, you've got to keep an eye out on things. Like so many other security functions -- such as patch management and audit logging -- desktop backups are often seen as a set-it-and-forget-it task. Don't fall into this trap. Stay informed, keep users informed and check in with them regularly.
Users are going to do whatever they want to do on enterprise networks, especially if they're using their own computers with full admin rights. Use the cloud to your advantage. Just remember the tried and true principle of "trust but verify." Nip workstation backups in the bud today and be done with this headache and business risk once and for all.
This was first published in February 2013