Cyber Resilience in the Cloud: A Conversation with Carbonite’s Craig Blessing
Trends in cyber threat are making cloud-based backup an increasingly popular option, especially for smaller firms that want to be secure, but require efficiency and economy. For Carbonite’s Craig Blessing, backup is just part of a bigger picture, however. In his work as Global Alliance Director for Carbonite, Blessing advocates for the cloud as the basis of cyber resilience. Carbonite is an OpenText company.
What is cyber resilience in the cloud?
Cyber resilience in the cloud is the outcome of processes that make the cloud into the foundation of business continuity. The goal is to be resilient—able to return to normal business operations as quickly as possible—in the face of any threat from cyberattack to power outage. Data backup to the cloud is integral to cyber resilience in the cloud, but the overall effort must be broader in nature to succeed. According to Blessing, “Being resilient means having the resources to get things back to operational condition on a rapid basis. To do this, you have to have a plan, as well as the tooling, to restore data and services.”
Overcoming concerns about the cloud
Blessing has been in the cyber resilience field since before it was even known by that name. In his career, he has seen the cloud evolve from a novelty to a source of concern to a well-accepted norm. “We’re way past the point of worry about whether the cloud is safe,” he said. “Indeed, as many of our customers have observed, the cloud infrastructure is usually a great deal more secure than anything they can muster in the server room or even in a contract data center. People feel more secure with their data in the cloud today, which is partly due to the functionality of the Carbonite solution.”
Drivers of interest in cyber resilience
Small-to-midsized businesses are expressing interest in cyber resilience in the cloud due to a steep increase in cyberthreats that affect their businesses. Ransomware, for example, is up by 72% this year, according to SkyBox Security. “Ransomware can stop a small firm dead in its tracks,” Blessing explained. “And, as IT professionals are learning, even if you’ve cleared up the malware after a ransomware attack, you might still have deep implants in your systems. The cloud offers a safe haven for critical digital assets.”
“You have so many people at home now, using personal machines for work, that it makes a lot of sense to have the cloud as a centralized, managed backup repository of business data,” Blessing added.
Other attack vectors affecting demand for cloud backup include phishing attacks, social engineering, malware, denial of service (DoS) and more. The remote work trend, accelerating due to COVID-19, is also resulting in growth for Carbonite. “You have so many people at home now, using personal machines for work, that it makes a lot of sense to have the cloud as a centralized, managed backup repository of business data,” Blessing added.
Making it work
Cloud backup is quite simple in concept but challenging in execution. Carbonite has invested years in developing proprietary technologies that make cyber resilience in the cloud as efficient and secure as possible. For instance, they have developed a sophisticated de-duplication “engine” that limits repetitive backing up of the same file. “If you have 25 employees, you probably have 25 copies of the identical PDF for the company’s HR manual. Our solution can back it up in the cloud once, avoiding the network traffic and cloud storage required to copy the PDF 25 times.” IT staff like this, because it keeps backup-related network traffic and internet bandwidth use to a minimum.
“If you have 25 employees, you probably have 25 copies of the identical PDF for the company’s HR manual. Our solution can back it up in the cloud once, avoiding the network traffic and cloud storage required to copy the PDF 25 times.”
Compliance is another area of concern that Carbonite has addressed. Privacy laws like the EU’s GDPR and California’s CCPA place strictures on where personally identifiable information (PII) can be stored. This includes backups. For this reason, companies must be careful in designating backup sites. In the EU, for example, a business might accidentally transgress GDPR by selecting a cloud backup in another country—moving data across national borders, which is prohibited by the law. “We have technology to detect and alert clients to possible compliance issues with cloud backup,” Blessing said. “It’s all part of ensuring cyber resilience without causing unintended issues elsewhere in the business.”