When working in a Common Data Environment (CDE) hosted in the cloud, it’s easy to assume that data is automatically backed up. After all, the vendor running the platform has redundancies in place, right?
The reality: While cloud-based CDE providers may have their own backup processes, these are not intended for end-user recovery. If something is accidentally deleted, overwritten, or lost due to human error, you may not have a way to restore it.
This post covers what you need to know about security, access control, and backups when working in a cloud-based CDE.
What Should Be Included in Your BEP or Digital Execution Plan?
If your client asks about data security and backups, your focus should be on:
✅ Access control & authentication
✅ Data governance within the project
✅ Versioning & archiving strategies
1️⃣ Organisational-Level Access Control
Security within a cloud-based CDE starts with how users are authenticated and granted access to project data. If your company is using an enterprise-level security model, key controls should include:
🔐 Single Sign-On (SSO) – Centralised authentication for internal users.
📲 Two-Factor Authentication (2FA) – How frequently do your users need to re-authenticate using 2FA? Is it enabled at all?
🌍 External Party Access – If you’re hosting the project, does your organisation enforce 2FA for external collaborators?
These security layers ensure that only authorised personnel can access and manage project data.
2️⃣ Project-Level Data Governance
Beyond high-level security, your BEP should define how access is managed at the project level.
Access Request Process – How are users granted access to the project?
Access Control Ownership – Who is responsible for approving and managing access?
User Groups & Permissions – Define access levels (e.g., view-only, editor, admin).
Data-Sharing Protocols – Outline how models and files are shared externally.
Versioning Strategy – Ensure data integrity by leveraging the CDE’s file versioning system.
💡 Why This Matters:
Without clear governance, projects can run into data security risks, unauthorised access, and versioning conflicts.
3️⃣ What About Backups?
Most cloud-based CDEs rely on file versioning, which allows users to revert to previous file states. However, this is not a full backup solution.
📁 What you need to understand:
- Cloud vendors maintain internal backups, but these are meant for disaster recovery (e.g., system failure, infrastructure issues)—not for user-level restoration.
- If data is deleted or corrupted due to human error, those backups are not typically accessible to end users.
- CDE versioning may have limits (e.g., only storing the last X versions of a file).
📌 If long-term data retention is a concern, you need an external archiving strategy.
4️⃣ How to Handle Long-Term Retention & Archiving
If you need guaranteed access to historical data, consider:
✅ Scheduled Exports – Regularly export key project files to a secure, external storage location.
✅ Automated Backups – Use scripts or workflows to periodically back up critical data.
✅ Data Retention Policies – Define how long different data types should be kept outside of the CDE.
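The three points above can be combined in one small script. The following is an added example, not code from any CDE vendor or from this post's author. It assumes project files have already been exported or synced from the CDE to a local folder (the export step itself is vendor-specific), and the data types, retention periods and function names are illustrative.

```python
import hashlib, json, shutil
from datetime import datetime, timedelta, timezone
from pathlib import Path

# Assumed retention policy: days each data type is kept outside the CDE (illustrative values).
RETENTION_DAYS = {"models": 3650, "drawings": 2555, "correspondence": 365}
STAMP = "%Y%m%dT%H%M%SZ"  # snapshot folder name; `now` is expected to be in UTC

def sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(export_dir: Path, archive_root: Path, data_type: str, now: datetime) -> Path:
    """Copy one export into a timestamped snapshot; hash the source files into a manifest."""
    dest = archive_root / data_type / now.strftime(STAMP)
    shutil.copytree(export_dir, dest / "files")
    manifest = {p.relative_to(export_dir).as_posix(): sha256(p)
                for p in sorted(export_dir.rglob("*")) if p.is_file()}
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return dest

def verify(snap: Path) -> list[str]:
    """Return files that are missing or no longer match the hash recorded at export time."""
    manifest = json.loads((snap / "manifest.json").read_text())
    bad = []
    for rel, digest in manifest.items():
        f = snap / "files" / rel
        if not f.is_file() or sha256(f) != digest:
            bad.append(rel)
    return bad

def prune(archive_root: Path, data_type: str, now: datetime) -> list[str]:
    """Delete snapshots past their retention period, always keeping the newest one."""
    cutoff = now - timedelta(days=RETENTION_DAYS[data_type])
    snaps = sorted(p for p in (archive_root / data_type).iterdir() if p.is_dir())
    removed = []
    for snap in snaps[:-1]:
        taken = datetime.strptime(snap.name, STAMP).replace(tzinfo=timezone.utc)
        if taken < cutoff:
            shutil.rmtree(snap)
            removed.append(snap.name)
    return removed
```

Run `snapshot` on a schedule, call `verify` straight after each copy and again before relying on an old snapshot, and keep the archive on storage where CDE users do not have delete rights.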
Don’t Assume Your CDE Has You Covered
Just because your cloud-based CDE provider has backups doesn’t mean your data is safe. Those backups are for the vendor—not for you.
To ensure data integrity and security, your project should:
✅ Define access control policies at both the organisational and project level.
✅ Implement a structured versioning strategy to prevent data loss.
✅ Establish an external archiving plan for long-term retention.
By addressing these points proactively, you can avoid data loss, security risks, and compliance issues, and ensure your team and clients have confidence in your digital workflows.
How does your team handle data retention in cloud-based CDEs? Drop a comment and let’s discuss!