Kyoto University recently reported that as a result of a faulty software update, 77 TB of research data was removed from its supercomputer. According to the university, 34 million files from 14 research teams have been deleted, and a third of the lost data will not be recovered due to lack of additional backups.
There is a common misconception that backups stored locally are for some reason more secure than backups stored in the cloud, and I believe that Kyoto University kept its backups locally. If these backups were stored in the cloud, and especially in the cloud, which provided unchanged storage – which prevents even administrators from spoofing or deleting data – it is likely that the software update would not affect the backups and allowed the university to recover almost all lost data.
The modern landscape of threats
Data loss at Kyoto University should be devastating for scientists and researchers who may have lost years of work. This underscores the need for universities to upgrade their IT infrastructures to protect against massive data losses such as Kyoto and other ongoing threats such as ransomware, natural disasters that can destroy embedded servers, and human error.
Ransomware programs continue to be the number one threat facing university data around the world. Educational institutions are now regularly targeted, and the number of attacks on universities from 2019 to 2020 has increased by 100 percent. What will always be true is that ransomware infection most often occurs due to user errors or carelessness. People are people and they make mistakes. They are caught cheating, cheating, giving away their credentials, or cheating them by clicking and installing malware. Much of the security industry is focused on preventing and detecting intrusions. But this is a losing battle, because vulnerabilities are not just technical – they depend on people never making mistakes. And it most likely never will.
So instead of getting carried away with the latest firewall technology or intrusion detection software, it’s often better to just have a full backup. Data recovery is one thing, but in many cases the only way to get rid of ransomware is to erase your computer’s disks and start over. This means that IT teams need to reinstall operating systems and other basic software, as well as all programs, to recover data. This transition should involve moving away from the local data store to the cloud.
Backup data to the cloud
The vast amounts of research data and the many departments that require access to data, as well as confidential personal information about students and faculty, make the data storage requirements for higher education institutions very different from other industries. And in the case of massive data loss, universities need to get back on their feet in minutes, not days. With that in mind, the cloud has become a lifeline for many higher education institutions as it promises the scale and power needed for archiving, protection and easy access to data at all times.