{"id":661,"date":"2023-09-24T18:41:44","date_gmt":"2023-09-24T17:41:44","guid":{"rendered":"https:\/\/www.milanoventures.com\/?p=661"},"modified":"2023-12-12T22:08:51","modified_gmt":"2023-12-12T22:08:51","slug":"no-backup-is-secure-in-the-cloud-nobody-is-liable-for-your-data-losses","status":"publish","type":"post","link":"https:\/\/www.milanoventures.com\/no-backup-is-secure-in-the-cloud-nobody-is-liable-for-your-data-losses\/","title":{"rendered":"No Backup is Secure in the Cloud: Nobody is liable for your Data Losses"},"content":{"rendered":"
[et_pb_section fb_built=”1″ admin_label=”section” _builder_version=”4.16″ global_colors_info=”{}”][et_pb_row admin_label=”row” _builder_version=”4.16″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ custom_padding=”|||” global_colors_info=”{}” custom_padding__hover=”|||”][et_pb_dmb_breadcrumbs _builder_version=”4.22.2″ _module_preset=”default” global_colors_info=”{}”][\/et_pb_dmb_breadcrumbs][et_pb_blurb title=”No backup is secure in the cloud, nobody is liable for your data losses” _builder_version=”4.23.1″ header_level=”h1″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” max_width_tablet=”50px” hover_enabled=”0″ use_circle=”off” use_circle_border=”off” global_colors_info=”{}” sticky_enabled=”0″]<\/p>\n
\nWe often get asked about how secure is our clients’ data, and how can a customer backup their data safely. European privacy laws, for example, require that personal data are kept secure and can always be recovered, but there is huge ignorance<\/em> or wrong assumptions<\/em>\u00a0 that once they backup data in the cloud, you can have peace of mind<\/em>.<\/p>\n<\/blockquote>\n
<\/p>\n
Among liars<\/em> in our industry, some low-cost control panel hosting or cloud providers<\/em>, for example, offer unlimited<\/em> in\/out data transfer, total disk space and free backup<\/em> services at a meagre monthly cost. They are not<\/em> just liars. Their<\/em> marketing strategy works well with their low prices and free<\/em> options until you need your data back. If you look carefully between the lines of most fine-printed SLAs<\/strong> and contracts, there is mostly no liability for service interruption or data losses<\/strong>. Moreover, you will likely be discontinued if your disk space or monthly data transfer exceeds the average clients’ usage.<\/p>\n
As a side note, Microsoft discontinued its unlimited OneDrive storage<\/a> because someone was abusing it<\/em>, and Microsoft was surely losing money.<\/p>\n
Let’s focus on cloud backups<\/h2>\n
Several low-cost web hosting companies<\/strong> offer free<\/em> daily<\/strong> or even hourly backups<\/em> of web data<\/strong>. What a temptation to upload all your pictures, music and videos to a web hosting space for a few dollars and even get a free backup<\/strong>!<\/em><\/p>\n
For example, the Akeeba backup plugin for WordPress and the Akeeba extension for Joomla are some solutions that our clients use to automatically save a backup copy of their web data and databases on the website’s<\/em> web\/FTP space. Our clients believe they save money instead of ordering an offline backup service that is charged more but offers some<\/em> (real) additional peace of mind.<\/p>\n
Backups on the same disk space as your website<\/h2>\n
In fact, for this or any similar backup solution, you should check whether backup files live on the same<\/em> web or FTP space as the website because (quite often) a backup remains indefinitely on the same disk<\/em> or same physical storage device as the original data.<\/p>\n
What does it mean?<\/em> Suppose a severe hardware failure<\/em> happens, especially with a cheap storage solution. In that case, no backup may be left since the original data<\/em> and backup copies were on the same broken storage device.<\/em> There is usually no or little incentive for the cloud provider to recover your data because,e in most cases, you have no contractual guarantee<\/em> on the persistence or recovery of your data (check liability or service agreements of significant cloud providers excerpted below<\/em>).<\/p>\n
Online backup and restore procedures may significantly differ from low-cost, professional hosting services and cloud providers. On the low-cost control panel web service<\/em>s, risks can be much higher, also because there may not be any offline backup of clients’ data; control panel software can be more exposed to bugs and security issues that cannot be corrected immediately; and hundreds of clients are usually packed on high density, memory, disks and networks of low-cost service providers.<\/p>\n
<\/p>\n
No liability for data losses in the cloud<\/h2>\n
In general, there is no guarantee of service continuity<\/em> or data loss<\/em> when you look at contracts and SLAs or – if there is any – it’s not for standard services or in standard<\/em> SLAs. Amazon<\/a>, Google <\/a>and Microsoft <\/a>mention very clearly that their liability is none (or almost none) in case of service interruption and loss of customer data (I lost an entire disk when running a test on Amazon AWS; it failed and was put out of service. However since all data was replicated on <\/em>WorldDirector’s<\/em> servers outside AWS, I could quickly rebuild it<\/em>).<\/p>\n
Amazon AWS data loss liability<\/h3>\n
Amazon’s AWS terms:<\/p>\n
https:\/\/aws.amazon.com\/agreement\/<\/a> – specifically, section 11:<\/p>\n
WE AND OUR AFFILIATES OR LICENSORS WILL NOT BE LIABLE TO YOU FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES (INCLUDING DAMAGES FOR LOSS OF<\/em><\/strong> PROFITS, GOODWILL, USE, OR DATA<\/em><\/strong>), EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. FURTHER, NEITHER WE NOR ANY OF OUR AFFILIATES OR LICENSORS WILL BE RESPONSIBLE FOR ANY COMPENSATION, REIMBURSEMENT, OR DAMAGES ARISING IN CONNECTION WITH: (A) YOUR INABILITY TO USE THE SERVICES,\u00a0…<\/p>\n
Google data loss liability<\/h3>\n
Excerpt of Google’s liability: https:\/\/www.google.com\/policies\/terms\/<\/a><\/p>\n
WHEN PERMITTED BY LAW, GOOGLE, AND GOOGLE’S SUPPLIERS AND DISTRIBUTOR, WILL NOT BE RESPONSIBLE FOR LOST PROFITS, REVENUES, OR DATA<\/em><\/strong>, FINANCIAL LOSSES OR INDIRECT, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES …<\/p>\n
Microsoft’s data loss liability<\/h3>\n
Microsoft Policy:<\/p>\n
https:\/\/azure.microsoft.com\/en-us\/support\/legal\/subscription-agreement-nov-2014\/<\/a><\/p>\n
7.2 : EXCLUSION. Neither party will be liable for<\/em><\/strong> indirect, special, incidental, consequential, punitive, or exemplary damages for lost profits, revenues, business interruption, or loss of business information<\/em><\/strong>, even if the party knew such damages were possible.<\/p>\n
What can you do to secure your data?<\/h2>\n
Back in the times of POTS<\/a> (Plain Old Telephone Service) and since the GTD-5 EAX (General Telephone Digital Number 5 Electronic Automatic Exchange)<\/a>, one of the first digital<\/em> telephone exchanges, appeared in the 80s and 90s, all hardware and software had to be duplicated<\/strong> (as well as databases<\/em> containing billing data) if you wanted to guarantee a reliable<\/em> <\/strong>and uninterrupted<\/strong> <\/em>telephone service. Spare copies of hardware were to be made active automatically whenever there was a fault. The only bottleneck in the digital subscriber’s line<\/em> (DSL) connecting homes and offices to the telephone exchange and its interfaces.<\/p>\n
<\/p>\n
Multiple, redundant, offline and off-site backups for a successful disaster recovery<\/h2>\n
To avoid service disruption, if you work on critical applications, you should use a backup solution based on multiple<\/strong>, redundant<\/strong>, off-site<\/strong>, and offline<\/strong> storage that does not use the same hardware devices as your live data. The higher the number of redundant copies made offline and at different geographical locations, the higher the likelihood that you can recover your data in full as soon as needed.<\/p>\n
Additionally, you should never trust only one cloud provider for 100% of your multiple redundant backups; use onsite and more than one provider, as well as more than one data centre to store your data, and keep additional copies off the cloud to protect from ransomware and ensure a successful disaster recovery<\/em><\/strong>.<\/p>\n
Conclusions<\/h2>\n
\n