The cloud storage market for the education industry is now projected to reach US$3.986 billion by 2023 and many industry leaders have expressed their plans to increase cloud usage by more than 50 percent over the next three years.
In the case of Kyoto University, catastrophic data loss could have been prevented if there was a multigenerational backup in place to restore deleted files. Here are some steps institutions can take to implement an effective cloud backup plan and avoid similar incidents:
1. Test your recovery process:
The recovery costs following an infrastructure failure or human error can be significant. For example, Baltimore County Public Schools spent more than $8.1 million on recovery after an attack in 2019. Recovery testing must be done in anticipation of any potential threat to determine and eliminate any errors in the process. It also must be done frequently and on a fixed schedule. Keeping records of the results will not only help you find gaps in protection but also will be useful for decision-making when adjustments need to be made. This testing can be time-consuming and technical, but with a flexible cloud ecosystem, IT teams can easily access their data and test their recovery process in advance.
2. Implement a 3-2-1 backup approach:
Another key lesson learned from Kyoto University’s data loss incident is to avoid having all data backed up in one place. It’s good practice to keep at least three copies of data, with two on different media formats, and one of those being off-site – also known as the “3-2-1” backup approach coined by Veeam, one of the world’s leaders in cloud backup. Different media formats could be a hard drive, tape, or the cloud, depending on your school’s budget and the importance of your data given some media formats are less secure than others. Keeping one copy off-site means diversifying the storage locations, which could be another building sent through the WAN or Sneakernet, shipping the tapes off to a storage facility, or using public or private cloud.
3. Leverage object-level immutability:
Data in the cloud can still be affected by threats, and some operators will try to extort money from educational organizations by targeting cloud backups. In these instances, attacks are often started on-premises (by way of an infected USB flash drive, attached file, URL download, or other) and uploaded to the cloud through a backup. In some cases, cybercriminals can access the networks of victims via exposed remote desktop services, gain access to their cloud credentials, and then proceed to delete their cloud backups, before deploying the ransomware.
With object-level immutable storage in the cloud, data cannot be deleted or altered by anyone, not even a systems administrator, during a specified retention lifetime. This feature minimizes human error and ransomware threats, and protects critical data like research data and students’ and faculty’s personal information from being tampered with or deleted. Another key advantage of immutable storage is the enhanced audibility it provides your team and/or outside auditors to make sure your IT systems and practices are FERPA-compliant.
The evolving threats universities face daily will likely be around for the foreseeable future, so it’s critical that IT departments are prepared for such eventualities – it’s not a matter of if, but when. The move to the cloud will be a pivotal step for the industry in guarding against future cyber threats.
- Defining high-quality microcredentials for higher ed - May 20, 2022
- Modern lab equipment is key to revolutionizing STEM learning - May 17, 2022
- Is unbundling the future of higher education? - May 16, 2022