No Backup is Secure in the Cloud: Nobody is liable for your Data Losses
We are often asked how secure our clients’ data is and how a customer can back up their data safely. European privacy laws, for example, require that personal data be kept secure and always recoverable, but there is widespread ignorance, and a common wrong assumption, that once data is backed up in the cloud you can have peace of mind.
Among liars in our industry, some low-cost control panel hosting or cloud providers, for example, offer unlimited in/out data transfer, total disk space and free backup services at a meagre monthly cost. They are not just liars. Their marketing strategy works well with their low prices and free options until you need your data back. If you look carefully between the lines of most fine-printed SLAs and contracts, there is mostly no liability for service interruption or data losses. Moreover, you will likely be discontinued if your disk space or monthly data transfer exceeds the average clients’ usage.
As a side note, Microsoft discontinued its unlimited OneDrive storage because someone was abusing it, and Microsoft was surely losing money.
Let’s focus on cloud backups
Several low-cost web hosting companies offer free daily or even hourly backups of web data. What a temptation to upload all your pictures, music and videos to a web hosting space for a few dollars and even get a free backup!
For example, the Akeeba backup plugin for WordPress and the Akeeba extension for Joomla are some solutions that our clients use to automatically save a backup copy of their web data and databases on the website’s web/FTP space. Our clients believe they save money by not ordering an offline backup service, which costs more but offers some (real) additional peace of mind.
Backups on the same disk space as your website
In fact, for this or any similar backup solution, you should check whether backup files live on the same web or FTP space as the website because (quite often) a backup remains indefinitely on the same disk or same physical storage device as the original data.
What does it mean? Suppose a severe hardware failure happens, especially with a cheap storage solution. In that case, no backup may be left, since the original data and the backup copies were on the same broken storage device. There is usually little or no incentive for the cloud provider to recover your data because, in most cases, you have no contractual guarantee on the persistence or recovery of your data (check the liability or service agreements of significant cloud providers excerpted below).
Online backup and restore procedures may differ significantly between low-cost services, professional hosting services and cloud providers. On low-cost control panel web services, risks can be much higher, also because there may not be any offline backup of clients’ data; control panel software can be more exposed to bugs and security issues that cannot be corrected immediately; and hundreds of clients are usually packed at high density onto the memory, disks and networks of low-cost service providers.
No liability for data losses in the cloud
In general, when you look at contracts and SLAs, there is no guarantee of service continuity or against data loss or, if there is any, it does not apply to standard services or standard SLAs. Amazon, Google and Microsoft state very clearly that they have no (or almost no) liability in case of service interruption and loss of customer data (I lost an entire disk when running a test on Amazon AWS; it failed and was put out of service. However, since all data was replicated on WorldDirector’s servers outside AWS, I could quickly rebuild it).
Amazon AWS data loss liability
Amazon’s AWS terms:
https://aws.amazon.com/agreement/ – specifically, section 11:
WE AND OUR AFFILIATES OR LICENSORS WILL NOT BE LIABLE TO YOU FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES (INCLUDING DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, OR DATA), EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. FURTHER, NEITHER WE NOR ANY OF OUR AFFILIATES OR LICENSORS WILL BE RESPONSIBLE FOR ANY COMPENSATION, REIMBURSEMENT, OR DAMAGES ARISING IN CONNECTION WITH: (A) YOUR INABILITY TO USE THE SERVICES, …
Google data loss liability
Excerpt of Google’s liability: https://www.google.com/policies/terms/
WHEN PERMITTED BY LAW, GOOGLE, AND GOOGLE’S SUPPLIERS AND DISTRIBUTORS, WILL NOT BE RESPONSIBLE FOR LOST PROFITS, REVENUES, OR DATA, FINANCIAL LOSSES OR INDIRECT, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES …
Microsoft’s data loss liability
Microsoft Policy:
https://azure.microsoft.com/en-us/support/legal/subscription-agreement-nov-2014/
7.2 : EXCLUSION. Neither party will be liable for indirect, special, incidental, consequential, punitive, or exemplary damages for lost profits, revenues, business interruption, or loss of business information, even if the party knew such damages were possible.
What can you do to secure your data?
Back in the times of POTS (Plain Old Telephone Service), and since the GTD-5 EAX (General Telephone Digital Number 5 Electronic Automatic Exchange), one of the first digital telephone exchanges, appeared in the 80s and 90s, all hardware and software had to be duplicated (as well as databases containing billing data) if you wanted to guarantee a reliable and uninterrupted telephone service. Spare copies of hardware were to be made active automatically whenever there was a fault. The only bottleneck was the digital subscriber’s line (DSL) connecting homes and offices to the telephone exchange and its interfaces.
Multiple, redundant, offline and off-site backups for a successful disaster recovery
To avoid service disruption, if you work on critical applications, you should use a backup solution based on multiple, redundant, off-site, and offline storage that does not use the same hardware devices as your live data. The higher the number of redundant copies made offline and at different geographical locations, the higher the likelihood that you can recover your data in full as soon as needed.
Additionally, you should never trust only one cloud provider for 100% of your multiple redundant backups; use onsite storage and more than one provider, as well as more than one data centre, to store your data, and keep additional copies off the cloud to protect against ransomware and ensure a successful disaster recovery.
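Both checks this article asks for can be scripted: that a backup archive does not share storage with the live site (see "Backups on the same disk space as your website"), and that verified copies of it exist elsewhere. The Python below is an added example, not part of the original article; the suffix list, the function names and the directory arguments are assumptions.

```python
import hashlib
import os
import sys
from pathlib import Path

# Suffixes treated as backup archives (assumed list; .jpa/.jps are Akeeba formats).
BACKUP_SUFFIXES = (".jpa", ".jps", ".zip", ".tar.gz", ".tgz", ".sql", ".sql.gz")


def sha256_of(path):
    """SHA-256 of a file, read in 1 MiB chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_backups(web_root):
    """Backup archives stored anywhere under the live web root."""
    return sorted(p for p in Path(web_root).rglob("*")
                  if p.is_file() and p.name.lower().endswith(BACKUP_SUFFIXES))


def audit(web_root, copy_dirs, dev_of=lambda p: os.stat(p).st_dev):
    """Map each archive under web_root to its verified copies on other devices.

    A copy counts only if name and SHA-256 match and its device id differs from
    the web root's. A different id is necessary, not sufficient: two partitions
    or volumes can still share one physical disk.
    """
    web_dev = dev_of(web_root)
    report = {}
    for archive in find_backups(web_root):
        want = sha256_of(archive)
        candidates = [Path(d) / archive.name for d in copy_dirs]
        report[str(archive)] = [
            str(c) for c in candidates
            if c.is_file() and dev_of(c) != web_dev and sha256_of(c) == want]
    return report


def at_risk(report):
    """Archives with no verified copy off the web root's device."""
    return sorted(a for a, copies in report.items() if not copies)


if __name__ == "__main__" and len(sys.argv) > 2:
    for path in at_risk(audit(sys.argv[1], sys.argv[2:])):
        print("no independent copy:", path)
```

Run it with the web root followed by the mounted copy locations; any archive it prints exists only on the same filesystem as the site, or its copies elsewhere fail the hash comparison.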
Conclusions
If you want a close to 100% service guarantee and a natural ability to recover data, you can minimize the risks by paying more and using fully redundant services: redundant connectivity offered by many different ASes (Autonomous Systems), complete hardware and software redundancy (multiple cold or hot copies), redundant offline backups, and data stored on and served from servers at different geographical locations in a global load balancing configuration that has no single point of failure.