The short answer is, no, it isn’t. In fact, a local business recently was victimized by a hacker, through no fault of their own, when their cloud-based industry line-of-business software (think “database software used by their profession”), was breached and data deleted, and no backup was in place. That’s right, the software vendor who sold their service to the industry was not backing up their client data.
Imagine having to go back to your clients and let them know that a hacker had deleted their data, and, because the vendor you were using had no backup in place, you weren’t able to recover their data. Apart from the compliance violations, you would also likely face growing distrust with your own clients.
The difficulty is that many software platforms have moved to being cloud-based, and most business customers don’t really know what is going on in the background of those systems. When databases and line-of-business applications were hosted on servers in your own data closet, you at least had the option of backing up and monitoring the data internally in your business. Cloud-based solutions vendors don’t often let you know what the backup status of your data is, and that leads many to simply assume that data is being backed up.
Cloud-based software packages make many things simpler: they reduce capital expenditure on servers and related hardware, reduce cost for maintenance of hardware and software on those servers, allow for access by remote workers like sales staff in the field or accountants, and shift the burden of security to the vendor. Many, if not most, software packages are moving from on-premises to cloud-based versions, and that includes high-functioning and complex production databases as well as common office packages like Microsoft 365. The reality is, like it or not, many vendor software packages are shifting to the cloud.
However, it’s still critical to keep control of your own data. Cloud-based services should still be backed up, especially including services like Microsoft 365. Though it’s common to think of Microsoft OneDrive as a backup system, in reality it is simply storage in the cloud, and must be backed up.
The worst thing with data is not to know whether it is backed up. If you have a compliance burden, your cloud-based software vendor should state as part of its agreement with you whether they provide backup (in the medical world, this is part of your BAA). If you don’t know, a third-party check is helpful to find out where you may have gaps. Data loss is the kind of thing where it only takes one lapse to result in great damage to your company.