The first two parts of this three-part series provided a starting point for CMOs who are responsible for those cloud applications used by their teams. Cloud application myths were dispelled with facts, and three key concepts for cloud data protection were reviewed. In this final installment, CMOs and their teams will be able to access a checklist they can use to align their processes with known IT best practices.
Before the Action Plan, a Few Definitions
The following definitions will be helpful as CMOs and their teams take on their new data protection responsibilities, and work with IT as needed to ensure compliance.
- An array is a method of storing elements of indexed data (see Replication).
- Cloud Data Loss. In cloud systems, an error made in which data is destroyed, or is accessed inappropriately through failures or neglect in storage, transmission, or processing. Data loss is not the same as data unavailability, which may arise from a network outage or other temporary access issues. Unlike data unavailability, data loss may be permanent. Data loss incidents can also encompass data breach incidents, such as a user’s rights to access a Cloud application being hacked, opening unrestricted access to sensitive data.
- Cloud Data Recovery. Recovering original data that has been deleted from a Cloud instance. Typically, the contents of deleted files are not removed immediately from a cloud drive—but references to them in the data directory structure are removed, and the space they occupy is made available for later overwriting, putting the data at risk of loss. If the original data remains, it is often in a number of disconnected fragments, and will take time and effort to restore to a usable condition.
- Cloud Data Restore. Recovering data and related metadata to make it usable by a data consumer.
- Data Consumer. The people, processes, and / or systems that rely on the data and metadata generated by a specific cloud application.
- “Data about the data.” For the purposes of cloud applications, metadata often defines and controls business rules (logic), presentation (reports and dashboards), and configuration information.
- Recovery Point Objective (RPO). The amount of data that an organization is willing to allow consumers to lose, in the event that data from a cloud application has to be recovered.
- Recovery Time Objective (RTO). The amount of time allowed for data and metadata (reports, dashboards) from a cloud application to be recovered and fully functional for use by its consumers.
- The process of copying data within an array (a drive, a tape backup, or similar) to another space within the same array, to a separate local array, or to a distant array.
Now that you’re familiar with some of the basic terminology you’ll need to partner with IT, review the seven checklist items below—this will make a good starting point for your team to reduce the risk of data loss from Marketing-managed coud applications.
The 7-Step CMO Checklist for Cloud Data Protection
- Set up policies to manage access and use of third-party applications (AppExchange apps, Marketplace apps, plugins, etc.) that can write or overwrite your cloud application data.
- Partner with IT to regularly analyze cloud service usage to identify out-of-norm usage patterns that may be early indicators of data theft or malware.
- Change Management. Once a quarter or whenever there are changes announced by your SaaS vendors, review vendor policies on security, backup, and data retention with your IT security or backup team.
- Change Management. Define policies for onboarding and off-boarding both admin and end-user access to your systems, including management of unique IDs and strong authentication.
- Set up data retention policies, and designate a retention/deletion owner, to prevent inadvertent data deletion.
- Ensure your teams have automated a daily backup of the data and metadata stored in a vendor’s cloud to at least two other locations, to meet RTO and RPO needs.
- Test current restore processes to identify areas of RTO risk, and work with IT to further reduce the time it would take to restore, not just recover, from data loss.
Since IT has traditional responsibility for managing the tools and systems needed for business continuity, make time to work with them. IT can be a strong partner as you implement these best practices. By getting the benefit of IT expertise, you and your teams can focus on moving the organization forward through innovative marketing strategy, rather than on the technical challenges of cloud data protection.
For Additional Information:
About the Author:
Lori Witzel – Product Marketing Manager, Spanning Backup
Lori Witzel has lived in Austin, Texas since there were more horned toads than technologists, and has been sharing info with, listening to, and learning from tech users ever since. Prior to Spanning Backup, Lori worked for various early-stage Cloud start-ups, mid-sized middleware providers, and eduducational tech firms, and she’s always eager to learn more. Visit Lori’s profile on Google+
This article is part 3 of a 3-part series:
- Part 1 – CMOs: Mastering Your New Role as Cloud Data Protector
- Part 2 – What Every CMO Should Know about Cloud Application Data Protection
- Part 3 – CMOs: Your Action Plan for Cloud Application Data Protection