A few years ago, cloud-based backups were a pipe dream; there were no economics that supported such an effort, and Internet connections were relatively slow. Today, even bandwidth-intensive services can often be supported. If your organization is deciding whether to move to cloud backups, here are five things to consider.

1: Cost

There are a variety of ways to charge for backup services. Several options include:

  • Many providers will charge for storage and bandwidth use but base it on tiers of service — so the more you use, the less you pay per increment.
  • Some providers will charge you a flat fee based on unlimited use or how much data you plan to store; others will charge you based on your storage use and bandwidth used to transfer the data.
  • Some providers may charge more for additional backup services, such as offloading to tape.

The bottom line is make sure you understand your backup patterns and needs and how your selected vendor’s pricing fits so that you don’t get any nasty surprises.

2: Bandwidth

In general, Internet bandwidth tends to scale based on the size of the company or the office. A small company with a couple of employees might do just fine with a DSL connection to the Internet, while that 5,000 corporate behemoth down the street might enjoy a multi-gigabit redundant Internet connection. In either case, if backup services are to be outsourced to the cloud, both upstream and downstream bandwidth needs require careful scrutiny. Remember, for many Internet connections, there is a huge difference between upstream and downstream connection speeds, with upstream speeds often capped at very low rates when compared to the downstream side of the pipe. A cloud based backup service could easily saturate that upstream connection.

My hunch is that smaller companies would be more interested in cloud-based backup services than larger companies; smaller organizations often have residential-style connections to the Internet that feature very good download speeds, but very poor upload speeds. Larger organizations are likely to have a more balanced upload/download ratio; however, a large organization will probably have much more data to back up, too.

Regardless of company size or downstream Internet connection capability, before embarking on a cloud-based backup venture, be sure to evaluate existing infrastructure to make sure that the network is up to the task.

Bandwidth may not be an issue after the initial data load takes place; that is, once that first full backup is complete, many cloud providers send only changed blocks of information over the network to the service provider location.

3: Security

Even as the choice of cloud-based service providers explodes, many people are wary about taking the plunge into the unknown. After all, even if a cloud vendor promises top-notch security, it can be a comfort to keep data under one’s own roof and not allow it to traverse the Internet and be stored on some stranger’s servers.

All that said, some cloud-based services are too tempting to ignore, so it becomes important to assess the provider’s security offerings to make sure that your data is protected and that you aren’t accidentally breaking any laws.


Regardless of which cloud backup provider you choose or what you’re backing up, end-to-end encryption is absolutely critical. Data should be encrypted while in transit between your source systems and the provider’s systems and should remain encrypted while at rest in the provider’s data center. Further, if the provider takes additional backup steps beyond that initial disk-based system, ask them for full details about how they protect your data from unauthorized access.

Compliance issues

More and more entities are forcing new requirements on many organizations. From PCI compliance to Sarbanes-Oxley to HIPAA, there are specific steps that need to be taken in some cases to stay on the right side of the compliance issue. You need to pay special attention to your backup provider’s contractual language to make sure that you don’t unintentionally leave your organization open to legal or compliance issues due to a failure on the part of your backup provider.

Geographic diversity

The purpose of backup is to protect your organization in the event of a disaster — or at least to make sure that you can recover an accidentally deleted email message. If you’re serious about the use of a cloud-based backup provider, don’t let a failure on their end (power, data loss, etc.) create a problem for you. Find out if the provider offers geographical redundancy in their service.

Termination agreements

Your arrangement with a cloud-based service provider might end before you originally plan. Before signing a service contract, make sure you create conditions for a successful termination of the relationship by insisting that, upon cancellation or termination of the contract, all of your information is fully purged from the provider’s systems. Don’t wait until it’s time to end the service to make termination arrangements.

4: Recovery

When your backup system sits in your own data center, recovery processes and procedures are a pretty simple matter. If a user needs a file recovered, you just do it. If the data center burns down, you have at your fingertips what you need to rebuild your systems — procedures and backups. You don’t need to worry about bandwidth — after all, the data center often enjoys massive bandwidth between systems. Once you outsource your backups to the cloud, however, that all-important connection speed raises its ugly head again, particularly in the event of a disaster that requires a major restoration process.

If you run across a particularly substantial challenge, you might even need to go so far as to get a physical dump if your data from the backup provider.  It’s possible that having your data shipped to you on physical devices would be faster than performing a full reload of your systems over the Internet.

Before signing your service contract, work with your provider to assess their ability and willingness to help you quickly recover from disaster.

5: Vendor reliability

I believe that we’re seeing a huge cloud bubble today, much like the Internet bubble of the 90s. I distinctly remember walking into a Staples and seeing an “Internet compatible computer desk” advertised for sale; today, the word cloud is associated with everything, increasing the possibility that unsustainable companies will rise and then fall or be acquired. Even if a company goes under, the safety of your data is of prime importance.

Although you hope that the provider you choose is in business for the long haul, make sure you plan for the possibility that it will be there one day and gone the next. You should negotiate up front about what happens to your data if a company goes out of business or is acquired and make sure your contract can’t be unilaterally changed in the event of an acquisition.

In addition, customer references remain a powerful tool in your analysis arsenal but use them liberally. For particularly large projects, you might even go so far as to visit the vendor’s facilities to gain a first-hand look at its operations. Is it run from someone’s basement, or do they really have all the bells and whistles (i.e., backup generators, redundant storage services and power) that they promise?

Keep up with Scott Lowe’s posts on TechRepublic