The Importance of 3-2-1 Backups: Lessons from the UniSuper-Google Cloud Incident
In a recent event, UniSuper, a major Australian superannuation fund, experienced a significant outage. This incident left over 620,000 members without access to their super accounts for more than a week, all of this due to a misconfiguration in UniSuper’s Google Cloud services. We are going to unpack the incident and highlight a robust backup strategy, the 3-2-1 backup rule, that ensures no data is lost in such a scenario.
Understanding the Incident
The outage at UniSuper was caused by an unprecedented misconfiguration of their Private Cloud services, which led to the accidental deletion of their cloud account. Despite having geographic duplication in place, the deletion impacted both sites.
In a joint statement, UniSuper's CEO, Peter Chun, and Google Cloud's global CEO, Thomas Kurian, apologised for the disruption and assured that measures had been taken to prevent such occurrences in the future. Fortunately, UniSuper had backups with another provider, which minimised data loss and facilitated the recovery process.
The Myth of "Too Big to Fail"
One of the key takeaways from this incident is the debunking of the myth that large cloud service providers are "too big to fail." While providers like Google Cloud have extensive resources and sophisticated infrastructures, they are not infallible. Unplanned events, such as misconfigurations or technical glitches, can still occur, leading to significant service disruptions. The big lesson here is that storing data with one of the biggest tech companies in the world does not mean that you can go without a robust strategy to prevent data loss. Even with the best technology and infrastructure, things can go wrong. We must account for a comprehensive disaster recovery and backup plan in place, regardless of the reputation or size of your cloud service provider.
The 3-2-1 Backup Rule
An approach we recommended is the 3-2-1 backup rule. This strategy ensures that your data is well-protected and can be quickly restored in the event of an unforeseen incident. Here’s how the 3-2-1 backup rule works:
- Three Copies of Your Data: Keep at least three copies of your data. This includes the original data and two additional backups. Having multiple copies reduces the risk of data loss significantly.
- Two Different Storage Media: Store these backups on at least two different types of storage media. This can include combinations such as local storage devices (like external hard drives) and cloud storage solutions. Diversifying storage media protects against failures that may affect one type of media.
- One Offsite Backup: Ensure that one of these backups is kept offsite. This offsite location could be in a different geographic location or with a different cloud provider. The key is to have a backup that is physically separate from your primary location, protecting your data from local disasters like fires or floods.
In the context of cloud services, the term "offsite" takes on a new meaning. Traditionally referring to physical locations outside the primary data centre, however, with cloud computing, it's essential to consider different cloud providers as "offsite" locations. Relying solely on one cloud provider can create a single point of failure, as demonstrated by the UniSuper incident.
Conclusion
The UniSuper-Google Cloud mishap underscores the critical importance of robust backup strategies and the fallacy of believing that any provider is immune to failure.
At The Virtual IT Department, we advocate for a multi-layered approach to data protection, ensuring that our clients' data is safeguarded against a wide range of potential threats. By adhering to the 3-2-1 backup rule and continuously reviewing and updating disaster recovery plans, businesses can minimise downtime and data loss, maintaining operational continuity.
For more information on how to safeguard your business with comprehensive backup solutions, contact us at The Virtual IT Department. We are dedicated to helping you navigate the complexities of data protection and disaster recovery, ensuring your peace of mind.