This is a question I am afraid is still much debated among professionals.
Before you read further I must inform you that I come from the data-protection industry, I have strong opinions on the matter. But I like all others must face our own inferiority that none of us can predict the future and none of us can be completely unbiased,
even if we give our best effort.
Here are some points for you to consider. ~ This is my best effort.
When you accepted the terms and conditions of Microsoft you signed a disclaimer where you accept all waiver liability, even in the event of a Microsoft major hardware problem or Microsoft employee who is responsible for major data breach, your terms dictates
real clearly that YOU will be responsible for all repercussions, and waver any right to use reliance measure or penal damages against Microsoft.
"You are solely responsible for the content of all customer data”
~Azure
If any data loss, or data breach of the data you store within Azure implicit legal repercussions for you or your data owners you must put that event into your risk factor analysis.
Then, let´s take a look at a few arguments against backups.
- Major Public Cloud vendor resiliency services is overall better than current legacy-datacenter or domestic private and public cloud vendors
- A wide range Catastrophic failure on a public cloud vendor has never been recorded. Biggest on to date recorded happened in May 2016 in Japan.
So Is there anything to worry about, I say Yes. because no revolutionary disruptive technology has come to light in the last few years, that makes Cloud Service Providers any more secure or resiliant than your own datacenter 3-4
years ago. It was unacceptable to go without backups then, but suddenly it´s ok in the cloud.
Current adoption of Backup solutions in the cloud is low and there is no indication (according to analysts) that it´s going to change drasticly in the near future, the current backup adoption last I saw was around 25%, where only 2% used the native cloud provider
solution. Another 25% of customers have non buissnes critical data. This leaves roughly 50% of customers who now walk around with no insurance some of whom will surly die drowning if the ship goes down.
Resiliency services and standards are immature and ill-defined concerning cloud vendors, and probably is still 5-10 years out to reach maturity.
It is my concern that it´s probably only be a matter of time before the first major catastrophic log outage or data loss will occur. The outcome, and repercussions of such a events are impossible to predict. But probably may have a long lasting effects, both
regarding legalization and customer behavior.
History repeats itself. It´s just over 100 years ago when we thought we had built something unsinkable.
The similarities are startling, except now we have a few Titanics sailing around. The event of such catastrophic events will depend to similar issues, whether the engineers of modern day cloud providers have taken into account
the change of multiple site failures happening on the same time, and if they have implemented the procedures correctly. Like Titanic’s engineer did not take into account that five of the ship's watertight compartments could be breached at the same time.
My prediction is that one of these monsters will go down in the next few years, it may affect your data and it may not, but the repercussions, will be permanent, and not be fun for anyone in the IT industry.
But perhaps this time around history will not repeat itself and we REALLY have something unsinkable here, time will tell, that is the only thing that is certain.