Data should be stored and replicated in database clusters, version controlled, and encrypted at rest and in transit.
If data is the new gold, "storage" is the vault in which it resides.
Be it performance, scalability or security, modern infrastructure depends heavily on how its storage layer is configured and maintained. The storage (or data) layer is the core of modern infrastructure. Any other component can be brought back up with minimal interruption, but if data in the storage layer is lost, it can cost the entire business.
Various kinds of data are stored in an infrastructure, and they can be broadly classified as:
Data at rest: relational/non-relational user data, secrets, static assets, backups, etc.
Data in transit: communications, file transfer, key exchange, etc.
Both kinds need to be protected from failure of any kind, be it availability, scalability, security or cost effectiveness:
Multi Site Data Replication
This is especially true for data at rest. For high availability, data must be replicated across multiple sites. For that reason, always use managed services or database clusters with replication across multiple availability zones. These services also help to achieve zero-downtime deployments during major OS or version upgrades.
Backups are still necessary for compliance and regulations. Enable automated backup of the data instead of machine snapshots.
Do not store critical data on standalone local system storage, object storage, NFS or NAS, as these are difficult to scale and restore.
Configuration Management
All storage configurations such as provisioning, scaling, migrations or even decommissioning, must be automated through configuration management and infrastructure as code. No manual intervention should be allowed.
Changes in data configuration or structure must be version controlled in line with application configuration.
This will enable traceability for security audits and ensure backward compatibility of data.
Encryption & Secret Management
Data at rest in storage systems must be encrypted using a centralised key management system with periodic key rotation.
Data in transit, such as inter-account/region communications, must be segregated and encrypted with SSL/TLS.
You can also enable a zero trust policy via mutual TLS to add an extra layer of security for data communication with third-party software.
Some businesses still prefer a self-managed model because of data localisation, privacy and security regulations. They are basically worried about IP security on systems managed by someone else. In such a case, you can discuss this with the cloud provider and get them to clarify their compliance readiness in an agreement.
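The replication, backup and encryption rules above can be enforced as a policy check that runs against storage definitions before they are applied. The following is an added example, not code from the original article; the field names, the sample resources and the 365-day rotation limit are assumptions made for illustration and do not follow any real provider schema.

```python
from dataclasses import dataclass

MAX_ROTATION_DAYS = 365  # assumed limit; the article only says "periodic"
DISALLOWED_KINDS = {"local_disk", "object_storage", "nfs", "nas"}

@dataclass
class Finding:
    resource: str
    rule: str

def audit(resources, keys):
    """Return one Finding per rule a storage definition breaks."""
    findings = []
    for r in resources:
        name = r["name"]
        # Critical data must not sit on standalone, object, NFS or NAS storage.
        if r.get("critical") and r.get("kind") in DISALLOWED_KINDS:
            findings.append(Finding(name, "critical data on disallowed storage kind"))
            continue
        if not r.get("multi_az"):
            findings.append(Finding(name, "no multi-site replication"))
        if r.get("backup_retention_days", 0) < 1:
            findings.append(Finding(name, "automated backups disabled"))
        # Encryption counts only if it uses a key known to the central KMS.
        key = keys.get(r.get("kms_key_id"))
        if not r.get("encrypted_at_rest") or key is None:
            findings.append(Finding(name, "not encrypted with a centrally managed key"))
        elif (not key.get("rotation_enabled")
              or key.get("rotation_days", MAX_ROTATION_DAYS + 1) > MAX_ROTATION_DAYS):
            findings.append(Finding(name, "key rotation missing or too infrequent"))
        if not r.get("require_tls"):
            findings.append(Finding(name, "plaintext connections allowed"))
    return findings

# Constructed sample input (hypothetical names and values).
KEYS = {"key-orders": {"rotation_enabled": True, "rotation_days": 90},
        "key-legacy": {"rotation_enabled": False}}
RESOURCES = [
    {"name": "orders-db", "kind": "managed_db", "critical": True, "multi_az": True,
     "backup_retention_days": 7, "encrypted_at_rest": True,
     "kms_key_id": "key-orders", "require_tls": True},
    {"name": "legacy-db", "kind": "managed_db", "critical": True, "multi_az": False,
     "backup_retention_days": 0, "encrypted_at_rest": True,
     "kms_key_id": "key-legacy", "require_tls": False},
    {"name": "reports-nfs", "kind": "nfs", "critical": True},
]

if __name__ == "__main__":
    for f in audit(RESOURCES, KEYS):
        print(f"{f.resource}: {f.rule}")
```

Running a check like this in the same pipeline that applies the infrastructure code gives the audit trail described under Configuration Management.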
FinOps
Storage expenses constitute the largest share of the infrastructure budget, so storage requirements must be planned in advance or they can overrun your entire infra budget.
For example, suppose your current data size is 500 GB but your estimated utilisation can reach 1 TB. With self-managed services you will be reserving 1 TB in advance and then keep paying for the empty 500 GB.
That's where managed services are recommended for data storage. They charge for utilisation and are scalable on demand. As a matter of fact, you can negotiate a good discount if you forecast your storage requirement in advance with your cloud provider.
Summary
Replication, not restoration.
Version-controlled database config and data.
Do not use compute services, object storage, NFS or NAS for data storage.