Understanding Modern Threats to Cloud Data
A BackupAssist Research Survey Report
Published April 2019
The times have changed for managed service providers. Ten years ago, a company would host their data in an on-premises file server. The common threats to data were well known: hardware faults, theft, human error, fires and natural disasters.
In contrast, today many companies are hosting their data in the cloud. This means for many, the old ways of losing data are no longer a concern.
However, moving data to the cloud has opened up a new vector of attack – cyber attacks. Today, problems with hacking, phishing, and other methods of sabotage are exploding in ways we have never seen before.
With the rise of cryptocurrency and cloud hosted data, hacking has never been so lucrative.
In the first quarter of 2019, we performed a global survey of 256 MSPs servicing everything from small to medium businesses to enterprise clients. A total of 16 questions were asked as part of the survey.
As part of our dedication to eliminate data loss as a threat to all businesses, we proudly introduce the 2019 “Understanding Modern Threats to Cloud Data” Research Survey Report.
98% of clients using the cloud are storing mission-critical data
Of the surveyed MSPs, over 70% of their clients were using some sort of cloud storage service. E.g. Office 365, Gsuite, Dropbox.
What was surprising was the amount of data MSPs classified as “mission critical” being stored in the cloud. Only 1.95% of surveyed MSPs said their cloud-using clients were not storing business-vital data in the cloud.
This means the data clients are storing in the cloud is more than just valuable, it’s essential to that client’s survival. Any threat of data loss to that client is an existential one – a single event that could wipe that client’s business out.
Question: How much data can your average client not afford to lose? E.g. Legally required to retain, critical to operations.
They cannot afford to lose ANY cloud data.
About 80% of their cloud data.
About 60% of their cloud data.
About 40% of their cloud data.
About 20% of their cloud data.
They could lose all of their cloud data.
MSPs are extremely worried about clients losing their cloud data.
of MSPs reported they were greatly concerned about clients losing cloud data.
said they were "not at all" concerned about clients losing data in the cloud.
The overall rate of concern about clients losing their cloud data was high among respondents.
Commonly cited concerns were crippling loss of business and downtime for the client, damaged reputation for both the client and MSP, and the MSP losing their contract with the client.
Question: How concerned are you about your clients losing data?
In contrast, clients are not as worried about losing their cloud data.
According to MSPs, there is a large gap between the concern they have for their clients losing data, and the client’s concerns.
While 52% of MSPs reported they were very worried about clients losing data in the cloud, only 24% of clients shared this sentiment.
This was also reflected in how many MSPs saw no risk of cloud data loss (2%) vs the clients (13%).
Question: How concerned are your clients about their cloud data being compromised or lost?
A great deal.
A moderate amount.
Not at all.
Less than half of MSPs have a backup solution in place for client's cloud data.
have no current cloud backup strategy in place for their client's cloud data.
of MSPs have a cloud-to-local backup strategy in place.
of MSPs have a cloud-to-cloud backup strategy in place.
Even though a staggering 98% of recipients answered that their clients had mission critical data in the cloud, less than half of MSPs have any backup plans in place to safeguard this data.
The survey found 57% of respondents were without a current cloud backup plan. Of those respondents without a current plan:
- 67% were actively seeking a cloud backup solution for their clients.
- 14% did not believe their clients needed a solution.
- 19% were not actively seeking a solution, but believed their clients needed one.
In response to qualative questioning, some survey respondents voiced their preference for cloud-to-physical (C2P) over cloud-to-cloud (C2C) backup for their clients.
One of the cited reasons was a need for control of the cloud data, which these MSPs felt was lacking on cloud platforms.
Most MSPs believe clients should be backing up their cloud data.
Of the surveyed MSPs, 72% said all or most of their clients should be backing up their cloud data. This is particularly interesting, because only 43% of them actually have a cloud backup plan in place.
Since 98% of respondents said their clients had mission-critical data in the cloud, this indicates a serious gap between what MSPs believe needs to be done to protect their client’s business continuity, and what is being done.
Question: How many clients would you recommend back up their cloud data?
“All of them.”
“Most of them.”
“Some of them.”
“None of them.”
Most MSPs consider ransomware the largest threat to client's cloud data.
of MSPs consider ransomware a significant threat to client's cloud data.
of MSPs consider a cyber-attack on client's cloud data a high to very high threat.
of MSPs stated accidental cloud data loss, caused by the client, was a significant threat.
When it comes to cloud data loss, MSPs consider ransomware the most significant threat, followed by cyber-attack and accidental data loss.
Other significant threats MSPs identified were:
- A breach of confidentiality such as theft or unauthorized access. (38%)
- Malicious rogue employee activity. (21%)
- A cloud provider mishap, resulting in data loss. (19%)
- Administrative error. E.g. Account closure, unpaid bills. (17%)
Other rarer concerns included failure of cloud backups, the provider being sold and resulting policy changes, and third-party software causing data loss.
These figures show there are a large number of MSPs who believe there are multiple, significant threats to their client’s cloud data.
These threats are also vastly different from traditional threats associated with physical servers. E.g. Hardware failure, natural disaster, physical theft.
Recipient Data: Clients Being Served
Of the survey respondents, the most common kind of client served were those operating small businesses (53%) and medium businesses (42%).
This means while the survey results include MSPs that service large to enterprise-sized customers, the figures are much more indicative of the current state of cloud data preparedness for SMB clients.
Most common client business size serviced by respondents:
Small (20 employees or less)
Medium (200 employees or less)
Large (500 employees or less)
Enterprise (500+ Employees)
For MSPs, the threats to client data has drastically changed. These survey results indicate the overwhelming majority of clients are storing at least some business-critical data in the cloud, and less than half of MSPs are taking steps to safeguard this data.
This indicates there is a massive threat to client’s cloud data – and by extension, their business continuity – in 2019.
Surprisingly, the MSPs are more than aware of these threats and are able to clearly identify them. However, there appears to be a dearth of awareness among clients of these dangers to their cloud data, despite MSP awareness of these issues.
The results indicate that most MSPs who do not have a cloud backup plan in place, whether this is C2C or C2P, are actively seeking out a solution. This is positive news, because it means even though clients do not recognize these threats, the MSPs are putting in backup plans regardless.