Businesses are aggressively adopting cloud-based productivity suites to improve agility, efficiency and collaboration in a work-from-anywhere world. Two of the more popular platforms, Microsoft’s Office 365 and Google’s G Suite, have hundreds of millions of users.
Despite the growing popularity, there remains widespread confusion about who is responsible for protecting data in the cloud.
Cloud services are offered under a “shared responsibility” security model. Simply speaking, that means providers such as Microsoft and Google are responsible for the security of their cloud infrastructure, but customers are responsible for securing any data they put in the cloud.
That model creates a huge blind spot for many businesses. In a recent global survey of cybersecurity and IT professionals conducted by Enterprise Strategy Group, only 8 percent reported they fully understand the shared responsibility security model. Nonetheless, 90 percent said they use cloud-based services and 50 percent said they expect to move all of their corporate data to the cloud within two years.
Mind the Gaps
This lack of clarity creates enormous risk. It’s estimated that a third of all users experience data loss in cloud applications — with the vast majority of those incidents falling under customer responsibilities. Companies that lose data as the result of accidental or malicious deletion, overwriting, misconfigured APIs, or migration errors are often shocked to learn their provider can’t restore their data.
Most cloud services do provide some limited backup and data protection capabilities. For example, O365 retains deleted files in a recycle bin for one month so you can easily restore a file that has been accidentally deleted. In a similar way, deleted emails are retained for 14 days before being permanently deleted. However, such tools are more of a hedge against “oops” moments than a true data protection solution.
Another huge concern is the limited protection cloud service providers offer against malware and ransomware. Attacks on cloud services more than doubled in 2019, according to the 2020 Trustwave Global Security Report. If you’re assuming your provider has security covered, think again. Most make it very clear in their contracts that customers are responsible for malware scanning, intrusion prevention, identity and access management, encryption and other security controls, as well as installing updates and patches.
Learn How to Minimize Risk
To close these gaps and minimize risk, companies must implement solid backup and data protection capabilities for their cloud services portfolios. These measures should be every bit as robust as those you’d use for your on-premises data, apps and systems. For example, you should have unlimited storage and data retention with full visibility into the backup environment. You’ll also need point-in-time recovery capabilities for all data, including the ability to quickly find and restore any data you need for compliance audits.
Cloud-based productivity suites such as O365 and G Suite deliver enormous business benefits by giving users anywhere/anytime access to core business applications such as word processing, spreadsheet, email, messaging, conferencing and more. However, too many organizations are under the mistaken impression that their subscription covers full backup and data protection services.
In a shared responsibility model, companies must take steps to safeguard their data. The cloud experts at Verteks invite you to join us on May 21 for a webinar in which we’ll explore a best-practices approach to protecting cloud data from deletion, theft, malicious attacks or misconfigurations. You can get additional information and register here.