Migration to and adoption of the public cloud has been a mainstay in our environments for the better part of a decade now.
One of the most popular choices for enterprises is a multi-cloud strategy, which is comprised of two or more private or public clouds. Whether you’re already leveraging a multi-cloud environment or just getting started, data resiliency is paramount. Having a strong backup and recovery strategy for all your environments is a must and Veeam is here to help. Our cloud experts are ready to support you on your journey to multi-cloud resilience. Let’s start by taking a closer look at what multi-cloud backup is and why it’s important.
What Is Multi-Cloud Backup?
Multi-cloud backup is the architecture or process of backing up or storing different data sets on different cloud providers. Each cloud provider has their own native-built backup solution, but your multi-cloud backup solution should give you the flexibility to backup and recover your data to and from the cloud with ease — which isn’t always the case. A multi-cloud backup solution like Veeam Data Platform gives your company the resilience to recover quickly from ransomware attacks or other outages with fast, reliable recovery that is also native built for AWS, Azure, or Google Cloud. With centralized management, layered security, and a cost-effective approach you can backup and recover confidently at cost.
How Multi-Cloud Backup Works
The amount of data that enterprises create is a huge factor in why multi-cloud architectures are popular. Having a reliable and secure backup solution is essential for any company using multiple clouds. Having a strong multi-cloud backup strategy and solution provides enterprises with several fail safes to store and restore important data, databases, applications, and files in event of a ransomware attack or outage. If your primary cloud storage platform is damaged or disabled by a disaster, your mission-critical systems and data can be restored quickly and effectively by your backup solution to the other unaffected cloud provider, often without business interruptions.
These outcomes are often achieved through automation and orchestration. The key is to have a backup solution that can centrally manage all your backups in one platform through automation and orchestration. As your workloads and needs expand, consolidation becomes more important so that you aren’t managing backups in multiple platforms. Having to split your focus between several platforms can open the door to the possibility of security and recovery gaps.
Benefits of Multi-Cloud Data Backup
Ensuring Data Redundancy and Availability
There are numerous benefits to having a multi-cloud data backup strategy. For example, running a muli-cloud backup allows you to have different or the same data sets in multiple clouds at any given moment. With your data stored in two or more clouds your data becomes more available in the event of a disaster because if one cloud goes down, or you lose your on-premesis backup, then that data also sits in a non-affected cloud infrastructure and is ready to use at a moments notice — making it always available. Keeping your data stored in multiple locations with multiple providers allows you to restore from any of those locations in the case of a ransomware attack or outage.
Improved Disaster Recovery Capabilities
In the event your cloud providers or physical servers go down in a natural disaster or ransomware attack there is always another location to backup and recover to within your multi-cloud environment. The 3-2-1 rule works in this situation as you should always have a minimum of three copies of your data, in at least two backup locations with one off-site. Moving backup data to a public cloud, or, in this case, multiple public clouds, creates an air gap that adds a layer of protection from attacks and unforeseen disasters.
Cost-Effectiveness and Scalability
There are ingress and egress fees charged by public cloud providers based on the amount of storage used. Your costs can be relatively low if you’re a small business or customer without much data to protect. Even for mid-sized and larger organizations, the cost of securing data versus being sidelined by a hacker or natural disaster makes multi-cloud architectures with a singular multi-cloud backup solution an appealing and cost-effective strategy.
There are often scalability problems to deal with because sufficient storage capacity is seldom a problem but understanding the right storage capacity needed while not paying for multiple cloud backup solutions in the process are often overlooked fixes you can make today to lower costs. As part of your multi-cloud strategy, planning and checking with different providers is a great way to understand their pricing structures and ensure you make the choice best suited to your needs. Ask for offers and deals to make sure you get the best prices on your storage costs and test, test, test. Your multi-cloud backup solution can save you a ton of money by consolidating into one platform giving you ownership of your data to backup and recover with quickness and ease no matter the environment or situation.
Enhanced Business Continuity
When you have a multi-cloud backup strategy built with solid disaster recovery, the critical services that you need to keep operating will always be available. Having one solution that manages it all helps ensure you can meet RTO and RPO times by eliminating the need to maintain and leverage multiple systems to recover during an attack or outage. That framework ensures business continuity by making sure you don’t lose time or money in the process.
Challenges of Multi-Cloud Backup
You also need to be aware that there are some multi-cloud backup challenges to consider. When implementing a new backup solution there could always be some growing pains. For example, there could be a skills gap associated with managing data protection in cloud enviornments. As well as the risk of encountering issues around the need to have purpose-built backup and recovery tools. Orgs that are moving to a multi-cloud system can also expect to plan for security, cost and data management.
Enforcement of Security
For 41% of respondents to the Voice of the Enterprise: Cloud, Hosting & Managed Services, Hybrid/Multi Cloud 2022 study, the enforcement of security across multiple cloud environments was a significant challenge. For 40% of respondents, the transition to multi-cloud revealed that their current IT staff did not have adequate skills to manage the various cloud environments, which increased the need to invest in education for their employees or recruit new employees such as DevOps and site reliability engineers who have experience managing multi-cloud environments.
Managing Costs Across Multiple Environments
While the dynamic, on-demand scalability of cloud services is a tremendous benefit for customers, teams are concerned with the prospect of managing costs across multiple environments, and they often fear that a rapid spike in consumption could blow past an organization’s budget. Likewise, as cloud environments expand rapidly, concerns are growing with getting adequate visibility and management capacities across the growing cloud estate. Meanwhile, workload and data migrations are a huge challenge, and this is a key area where the replication and orchestration capabilities of a data protection solution like Veeam Data Platform can help.
Data Management
Data management is another area with multiple challenges, such as difficulties around satisfying regulatory compliance, ensuring effective data governance, integration, and management. Proper data management requires tools to enforce retention and deletion policies, including the management of immutable storage to prevent the unauthorized modification or deletion of sensitive data. These are also capabilities that organizations should look for when evaluating data protection and archiving tools.
Multi-Cloud Backup Best Practices
We’ve discussed the benefits and challenges of multi-cloud backup and using a multi-cloud environment, lastly here are some best practices for secure cloud backup.
Follow the 3-2-1 Rule
We mentioned previously the meaning behind the 3-2-1 rule, three copies of your data, two different locations, one off-site. The first and most important point to note is that your cloud provider is not responsible for backing up your data. While cloud providers synchronize data to mirror sites, this is to provide a fallback if the primary data center goes down. It is not a backup. If you are the victim of a ransomware attack, the constant synchronization means that both data sets will be encrypted.
Your backup strategy should, ideally, be based on the tried and tested 3-2-1 backup rule. This rule describes the minimum number of copies of data you should keep together with techniques to reduce the risk of loss due to common factors or events.
Logically Air Gap Your Backups
The notion of a physical air gap for backups is long instantiated. However, in the cloud where data is constantly connected to the network, how do you achieve this air gap? We need look no further than the cloud providers well-architected frameworks or best practices that help us understand where security boundaries lie and how to keep backup resources separate from production. Note that there are subtly different security considerations between clouds; AWS it is accounts, Azure it is subscriptions, and Google Cloud it is projects.
It is highly advised to utilize a dedicated account, subscription, or project for your backups. Also, backup copies can be stored on on-premises storage like hardened Linux repositories, or immutable object storage. This storage is also possible on-premises or on another cloud altogether.
Principle of Least Privilege (PoLP)
Limit privileges to those required for each user, system, or application to perform their specific tasks or functions. This rule applies equally to backup and recovery operations as well as to other employee tasks. Leverage the following principles:
- Identity and access management (IAM): Use granular IAM roles to create fine-grain control over resource access and permissible actions. Continuously audit IAM roles and delete permissions no longer required, as well as rotating access keys for IAM users
- Role-based access control (RBAC): RBAC is similar in principle to IAM, with some overlap. From a backup and recovery lens, RBAC can help entitle users specific access to backup and recovery functions. For example, recovery roles can be limited to restore only exercises to empower application owners to self-service recovery, without the ability to edit admin-level settings or backup policies
- Multifactor authentication: MFA is a robust system of authenticating users when they log into corporate systems, helping to prevent brute force and man-in-the-middle (MITM) attacks. It works by requiring the person who is attempting to log in to supply at least one piece of additional information that’s unique to that user in addition to their login password. This could be a security question or a one-time password sent to the user’s mobile device. Alternatives include a digital signature or biometric identification, such as a fingerprint or facial recognition
These approaches ensure attackers can’t access and attack data backups. They also help you maintain data compliance requirements in the cloud concerning data privacy and residency.
Immutability Ensures Integrity
The concept of an immutable backup is that the data can’t ever be changed. You can’t modify, delete, or overwrite the data. Importantly, a hacker can’t encrypt an immutable file. So, immutable backups are secure backup files that you can rely on.
Most immutable solutions use write-once-read-many (WORM) technologies that lock the data. Examples include Amazon S3 Object Lock and immutable storage for Azure Blob. With immutability in the cloud, it is normal to specify a retention period, after which time, the data will be unlocked and can be subsequently deleted in line with data retention requirements or when controlling cloud storage spend. An alternative is to add a legal hold that overrides the retention period until specifically unlocked by an authorized user.
There is one provision regarding immutability, and that is that the data must be uncorrupted and free of malware or ransomware before being saved. If this is not the case, the data can be corrupted or encrypted when you attempt to use these files for backup recovery purposes.
Encryption to Prevent Theft
Even though cybercriminals can’t encrypt your immutable backups, if they access the backup data, they may be able to exfiltrate the backup data and hold you ransom in this regard.
Most cloud providers provide several mechanisms for encrypting your data. Examples include AWS Key Management Service (AWS KMS) and Microsoft Azure Key Vault. Implementation is very straightforward, especially when using default keys, however it is advisable to utilize self-managed keys for greater control.
Case Studies and Examples
Here are a few case studies of organizations that have successfully implemented multi-cloud backup with the Veeam Data Platform:
Ciox Health
Ciox fulfills more than 50 million medical records requests annually. They looked for a vendor-agnostic solution that could support its multi-cloud strategy, which includes Amazon Web Services (AWS), Microsoft Azure, and a colocation data center, while also making data available for new use cases. With the Veeam Data Platform they were able to:
- Enable non-stop availability of more than 100,000 medical records per minute across multiple clouds, supporting excellent patient outcomes
- Create immutable backups of 500TB of data daily with a spend of less than USD 20,000 per month, maximizing business value
- Cut the cost of their data center consolidation and enable ongoing agility by moving data seamlessly between multiple clouds
As a result, Veeam is Ciox’s data migration tool of choice, offering significant time and cost savings over alternatives. The company also reduces risk with a cloud- and platform-agnostic data solution.
Carrefour
Carrefour is a leading international retailer. Established 60 years ago in France, Carrefour now operates over 12,225 stores in over 30 countries and employs 321,000 people globally. Every day, Carrefour handles 11 million in-store check-out transactions, while its e-commerce sites receive 1.3 million visits. The group is on a mission to increase access to healthy, delicious, and sustainable food worldwide.
They needed a solution that seamlessly integrated with IBM AIX, Windows, Linux, and VMware, hosted on-premises and in the Google Cloud. In stepped Veeam and with the Veeam Data Platform they were able to:
- Support outstanding shopper experiences by enabling 100% end-to-end protection of data
- Cut backup windows from hours to just 30 minutes, reducing the risk of disruption to distribution or sales processes
- By limiting backup windows and accelerating data restore times they enabled exceptional service continuity
- Transform the efficiency of backup operations through a central point of control, freeing up time for innovation
Veeam is adding another layer of protection to Carrefour Argentina’s cyber resilience strategy, helping the company to ensure it can recover quickly from an attack.
Gulf Air
Commencing operations in 1950, Gulf Air, the national carrier of the Kingdom of Bahrain, is one of the first commercial airlines established in the Middle East. Connecting the Kingdom of Bahrain to the world, Gulf Air operates a fleet of Airbus aircraft, including A320, A321, A320neo, and A321neo models, as well as Boeing 787-9 Dreamliners. Supported by a high-value Falcon Flyer program, Gulf Air aims to be a best-in-class regional airline with a global footprint.
They needed a solution to support their migration from on-prem data centers to AWS and Azure. As a result of deploying Veeam Data Platform they were able to:
- Increase data availability and the Gulf Air IT team’s ability to meet service level agreements (SLAs) by an estimated 30%
- Manage backups for 100% of their data across on- premises infrastructure plus AWS and Microsoft Azure cloud environments through a central point of control
- Reduce data protection administration by 20%, giving the IT team more time to focus on innovation
Using Veeam, Gulf Air can manage backups for 100% of its data across its on-premises and multi-cloud environments through a single pane of glass. The organization is driving down both backup times and administration as a result.
For more Veeam hybrid cloud success stories download our Hybrid Cloud Customer Success Story Reference Guide.
Future Trends in Multi-Cloud Backup
- So where does multi-cloud backup go from here? Per the Cloud Protection Trends Report for 2024, a significant piece of independent backup and data protection research IaaS & PaaS — the trend around fluid movement between multi-hybrid cloud storage strategies has escalated quickly, especially considering the growing adoption of cloud-powered tools and services. Based on this multi-faceted approach, organizations have reached a point where long-term retention is playing a larger role in IT strategy
- SaaS — There are multiple reasons why organizations are backing up their M365 data. Indicators show the broader market is more likely to use third-party data protection with enhanced M365 services and capabilities. More important, these use cases are reaching beyond the traditional backup and long-term retention scenarios
- BaaS & DRaaS — For a more concise interpretation, BaaS is noted as extending further on tactical improvements, and DRaaS is more purposeful to the business in generating strategic benefits
- Many organizations started with self-managed backup using cloud storage. But, later, they switched to an MSP to further leverage expertise around capabilities. These shifts are seen as having a prolific impact due to increased optimism around hybrid, multi and the importance of a comprehensive data protection strategy
Consider Multi-Cloud Backup Today
A reliable, flexible backup solution is the key to ensuring you can recover your multi-cloud environment with confidence. Adopting a multi-cloud backup solution should be an essential part of your multi-cloud data protection strategy. As you can see per our success stories above, the Veeam Data Platform has the layered security and fast, reliable recovery your business needs to stay agile and protected in the event of a ransomware attack or outage.
Once you have your multi-cloud environment in place and are ready to implement a secure cloud backup solution, schedule a consultation with one of our multi-cloud backup experts for guidance and support on your data protection journey. You can also download our #1 Hybrid Cloud Backup Guide.