Google published a blog post recently that addressed an incident where one of its customers, UniSuper, an Australian pension fund, saw some of its data deleted because of an inadvertent misconfiguration of the Google Cloud VMware Engine for that customer.
Google quickly got UniSuper’s systems up and running again, and according to Cybersecurity News, UniSuper had data stored elsewhere, supporting the recovery.
Fortunately, this was, according to Google, a localised incident and “The incident trigger and the downstream system behavior have both been corrected to ensure that this cannot happen again.”
But the bigger picture, particularly if you’re an SEC and/or FINRA-registered asset and wealth manager, is that, like UniSuper, you are required to keep your data – in some instances for up to 7 years. The takeaway from this event is that you cannot assume that the data you store in a large cloud vendor is 100% backed up. You should also have a second form of backup of your important data outside of the native back up provided by primary cloud vendor(s). If not, and your data is lost, you will have a regulatory issue.