Last month, there was the CrowdStrike incident that rendered 8.5 million PCs unusable, though Microsoft said this was just a subset of affected computers. Last week, a Mobile Guardian hack wiped out 13K devices in Singapore. These incidents are a timely reminder of the need to take steps to protect your own data.
The CrowdStrike incident struck on 19 July. Its faulty Falcon security software affected many businesses, locking them out of their Windows computers, and resulted in large-scale disruptions to business operations around the world. Some businesses took many days to recover access to their computers, and yet longer for their business operations to resume to normal.
Many end-users may find the CrowdStrike incident to be just an interesting anecdote. Mobile Guardian, however, made sure that a grim lesson on data security is brought home to end-users, especially parents and students.
For those unfamiliar with Mobile Guardian, it is a type of device management software used to provide controls over usage of a mobile device. In Singapore, this is a software that MOE has prescribed to be installed in iPads and Chromebooks used by students. Schools and parents are given control over what students can do on these Personal Learning Devices, the term MOE uses to describe these devices.
Mobile Guardian was hacked on 4 August. The hack resulted in 13K PLDs getting wiped clean, i.e., all everything on the device was lost. Many students reported to have lost all their learning materials, and particularly those sitting for their upcoming O-level examinations were understandably more anxious and frustrated about the incident.
That the devices were iPads and Chromebooks might have prompted the question of why data was not backed up to the cloud. With both platforms, you’d expect cloud storage to be used. The good news, I suppose, is that most people do use cloud storage. They can retrieve their data, though some of them may need help to get access to their data.
However, it won’t be unusual that some people would have some data stored locally. It may be that they meant to be backed up to cloud, but the sync just hadn’t happened yet. These people would lose just a bit of data, and these would be the most recent, which presumably may be easier to recreate.
For those who choose to store some data locally only, or worse still, not to use cloud at all, unfortunately, this incident would have serious repercussions for them. I’m sure this incident will lead then to rethink their data storage strategies.
Cloud storage has many advantageous. By and large, the cloud is more robust, more resilient, and generally offers you better data protection that you could do on your own with your own storage devices. This is true at least for most casual end-users.
However, let’s not forget that cloud storage does not have zero-risk. Cloud providers can have their own accidents. An Amazon cloud crash in 2011 destroyed some customers’ data. A Google accident wiped out a large customer’s data in 2023. There were also other Google incidents last year, including one involving Google Drive losing data.
Cloud storage also won’t protect against malware that intentionally seeks to wipe out your network-based storage. Let’s also not forget that cloud storage is not immune to ransomware.
What this all means is that while cloud storage is a great option for most people, it must not be the sole storage strategy. You definitely need to back up your cloud data to some other location. That may be another cloud service, or better yet, physical disks you own that can be kept offline.
There is a revered and time-honoured backup strategy known as the 3-2-1 backup rule. It is a data protection strategy that prescribes having three copies of your data, stored on two different types of media, with one copy kept off-site. This rule, however, predates the advent of ubiquitous cloud storage.
When you use cloud storage, I tend to think having an additional local copy on an external storage drive will satisfy the 3-2-1 backup rule. This is because the cloud themselves surely provides multiple copies at multiple sites. Your local copy would count as another media type and another bonus site.
For prosumers, you may like to consider self-hosting your own NAS. You should also consider your needs in respect of backup and replication too. I’d like to remind that backup and replication serve different purposes.
In light of the Mobile Guardian incident, the simple takeaway for most people is to make sure that your on-device data is backed up to cloud.
Where practical, keep an additional copy on local storage. I don’t mean to simply sync your cloud data to another cloud-connected device, but that additionally, you should backup all that data into another storage device. This is important as it mitigates against risk that a cloud provider issue causes data to be deleted from any cloud-connected device that syncs automatically.
Do remember that, ultimately, it’s your responsibility to protect your own data. Cloud services are convenient and largely dependable, but they are not infallible.