Cloud Data Protection: Insights from UniSuper’s Google Incident

What is it?

In May 2024, Google inadvertently deleted the cloud account of UniSuper, a colossal $135 billion pension fund. This mishap caused two weeks of downtime, highlighting a critical lesson for businesses of all sizes: the importance of backing up your cloud data. While the shared responsibility model clarifies the roles of cloud providers and users, it also underscores the necessity of having a robust cloud-to-cloud backup strategy.

Why should you care?

Imagine waking up to find that your pension fund, worth billions, has been wiped out due to an error by a trusted service provider. This was the reality for UniSuper when Google accidentally deleted their cloud account. The incident, which caused significant disruption and panic, serves as a stark reminder that even the most reliable cloud providers are not infallible.

The incident with UniSuper is not an isolated one. While Google Cloud, like other major providers, boasts robust infrastructure and redundancy measures, human error or technical glitches can still lead to catastrophic data loss. This event has put a spotlight on the importance of cloud backups and the shared responsibility model in cloud services.

What can you do?

Understanding the Shared Responsibility Model

The Shared Responsibility Model is a fundamental concept in cloud computing that delineates the responsibilities of the cloud service provider (CSP) and the customer. While CSPs like Google, Microsoft, and Amazon manage the infrastructure, security, and availability of their services, the onus of data protection falls squarely on the customer.

Image: The Microsoft Shared Responsibility Model – https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility

Responsibilities of Cloud Providers:

• Infrastructure security
• Physical security of data centers
• Network and hardware management

Responsibilities of Customers:

• Data protection
• User access management
• Compliance with data regulations

The Google-UniSuper incident highlights a critical aspect of this model: while Google ensures the security and availability of its cloud infrastructure, the ultimate responsibility for data integrity and availability lies with the customer. Therefore, relying solely on a CSP’s assurances without implementing additional backup measures can be perilous.

Importance of Cloud to Cloud Backup

Cloud to cloud backup involves copying data from one cloud service to another, ensuring an additional layer of protection. This strategy mitigates risks associated with data loss due to provider errors, cyber-attacks, or even malicious insiders. By diversifying your data storage across multiple platforms, you create a safety net that guards against catastrophic data losses.

Practical Steps for Implementing a Cloud Backup Strategy

1. Assess Your Data: Identify critical data that needs protection.
2. Choose the Right Backup Solutions: Consider scalability, security, and compatibility.
3. Regularly Test Backups: Ensure backups are functioning correctly.
4. Educate Your Team: Train your team on best practices for data protection.

Lessons from the Field

LESSON 1: CANADIAN INSURANCE COMPANY HIT BY RANSOMWARE

A Canadian insurance company paid $950,000 in ransom after a ransomware attack infected 1,000 computers. The breach, revealed through British court documents, raised concerns about data access and disclosure to customers. The company’s U.K.-based reinsurer paid the ransom in bitcoin and is now trying to recover the funds. The attack began on October 10, 2019, with hackers encrypting the company’s files and demanding a ransom. A digital decryption tool was provided after payment, but it took days to decrypt all affected systems. The case remains confidential, with both the Canadian company and reinsurer unnamed.

LESSON 2: ALBERTA DENTAL SERVICES CYBER ATTACK

Over 1.4 million Albertans’ records were targeted in a cyber attack on Alberta Dental Services Corporation (ADSC). ADSC paid a cryptocurrency ransom to recover encrypted data. Most accessed data was limited to names and ID numbers, with 7,300 records containing more sensitive information. ADSC has enhanced security measures and reported the incident to police. The attack likely originated from a phishing email, emphasizing the need for cybersecurity vigilance.  A dental office seems like an unlikely target, but look at the damage that has been caused.

Is Cloud Backup Necessary?

You might be wondering whether investing in cloud backup is really worth it, especially if you’re running a small operation. However, it’s crucial to weigh the potential costs of data loss against the expense of implementing backup solutions. Consider the implications of operational downtime, loss of client trust, regulatory fines, and reputational damage that can result from data breaches or accidental deletions.

In comparison, the investment in cloud backup is relatively minimal when you consider the invaluable protection it provides. With cloud backup, you can rest assured that your business is equipped to withstand any data-related disruptions that may come your way.

Ready to safeguard your data in the cloud? Partner with Britec for reliable, tailored IT solutions. Remember, Britec helps. To learn more about Britec’s Data backup expertise check out Security & Backup and Why Britec Uses Datto for Business Back Up.