Multi-cloud is a common backup strategy today, providing users with the redundancy and flexibility needed to keep data secure. However, the complex nature of using multiple clouds can result in some key challenges.
While all the major cloud vendors — Amazon Web Services, Google Cloud and Microsoft Azure — offer vast amounts of data storage and backup resources, many businesses choose to spread out storage requirements across different clouds, from different providers.
For mission-critical or sensitive data, such as files and databases with personal customer data, it makes sense to back up the data to two different cloud vendors instead of a single vendor. If one cloud vendor experiences a disruption, copies of the same data are safe with the other provider. A strong backup strategy requires that organizations have multiple copies of data in multiple locations on multiple media formats, and multi-cloud backup checks two of those boxes.
But with all the benefits of multi-cloud, backup admins might also face several challenges. Compatibility issues, data portability and service-level agreements (SLAs) are just some of the potential complications of a multi-cloud backup strategy.
Multi-cloud backup considerations
Several important considerations must be made when implementing a multi-cloud strategy. The following list offers guidance on the key issues associated with multi-cloud backup.
1. Compatibility across vendors
For clouds to be compatible, the different cloud services in use must be able to support all systems and data involved. For example, when a disaster recovery plan requires the seamless failover of a mission-critical system from one cloud platform to a different vendor’s platform, cloud vendor compatibility must be verified ahead of time to ensure that all data can fail over across platforms.
2. Differences in security provisions
Security offerings differ for each cloud service, so backup administrators must make sure that the vendors they choose meet the organization’s security requirements. Consistent and verifiable security provisions across all backup clouds ensure consistent compliance within the organization and ease administrators’ management.
3. Support for legacy systems
Organizations that continue to use legacy systems will need assurances that their unique systems can be supported by all prospective cloud vendors. Owing to a legacy system’s sensitivity and the dependency the organization might have on it, it might make sense to deploy the system locally in addition to multiple clouds.
4. Loss of control
Users generally know that shifting any of their operations to a cloud vendor will result in a loss of control over their assets. Data and systems administrators must determine the level of access and oversight needed to maintain normal operations. Using multiple clouds complicates this further, so users must understand each vendor’s rules when moving to multiple clouds.
5. Cloud costs
The three largest cloud vendors — and many other managed service providers — offer dozens of different service arrangements. Regardless of the cost, using multiple clouds will at least double these expenses. Organizations must factor this into the backup budget. When choosing between providers, it can be helpful to decide what minimal resources they need, plus additional nice-to-have resources.
6. Service-level agreement fine print
SLAs are an essential tool for ensuring that cloud vendors — and any other vendor, for that matter — deliver the services that have been contracted. For example, something as fundamental as the amount of time it takes for the cloud vendor to respond to a customer service inquiry is an important SLA metric. Penalties for nonperformance by vendors should be included in SLAs. Different cloud providers will have different metrics, so make sure that any SLA requirements are included and agreed to by all cloud vendors.
7. Systems and data portability
At some point, moving systems and data from one cloud vendor to another might be necessary. Users must ensure that the cloud vendors they use can facilitate the portability of their assets from one vendor to another. Users must also determine if there are any penalties and fees for such activities. This can be an important metric for an SLA.
8. Access to advanced services such as AI
Each of the major cloud vendors has considerable experience with AI, and services being offered by each will often be supported by AI elements. In a multi-cloud environment, users must carefully evaluate the AI resources and associated costs of each vendor, and how they can use those services.
9. Training on cloud services
When an organization implements a new cloud service, some level of training should be provided. Users dealing with multiple cloud vendors must ensure that whatever service arrangements they use, training will be available to facilitate the installation and ongoing operations.
10. Input from other multi-cloud customers
Experiences and recommendations from other multi-cloud backup and storage customers can often be among the most important decision factors. This is especially true considering the number of cloud vendors and services available. Every organization will have different needs, but look into the experiences of businesses that have used multiple clouds from any providers you are considering.
Additional cloud considerations
The issues listed above apply specifically to multi-cloud backup, but don’t forget to vet services in all the areas expected of a cloud backup provider. Customers with data storage requirements must ensure that vendors follow relevant standards and regulations.
Be sure to regularly test and verify that the data and systems being backed up can be accessed quickly in an emergency. Whenever any kind of service arrangement is being deployed with a cloud vendor, the vendor should have a process for testing the arrangement so that the users can be confident the vendor can support their requirements.
While using multiple clouds will still increase an organization’s costs, working with more than one vendor enables them to compete against each other, which can sometimes increase the chance of getting a deal.
Paul Kirvan, FBCI, CISA, is an independent consultant and technical writer with more than 35 years of experience in business continuity, disaster recovery, resilience, cybersecurity, GRC, telecom and technical writing.
