Cloud computing and shared responsibility

There’s a lot of questions that sometimes go unspoken when it comes to cloud computing such as ‘how secure is my data?’ and ‘who is responsible for keeping that data secure?’. There is not one definitive answer to these questions, it is ultimately dependent on a number of varying factors. Data Backup is also an interesting area to consider. Whilst secure backups are provided by SaaS (Software as a Service) providers, are they adequate for your own business needs? Third party backup solutions to protect SaaS data are becoming more popular as clients consider the risks from cyber threats, malicious insiders and simple human error.

However, it is important that no matter how you store your data, you evaluate your responsibility to keep that data safe and secure.

Working in the cloud

Different cloud service models will vary in cost, ease of use, privacy, security and compliance, so it’s important to understand what your cloud service model offers. The primary cloud service delivery mechanisms are infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS), each of these models will require different levels of responsibility from its customers.

Cloud providers should provide security for certain elements, such as the physical infrastructure and network elements, but customers must be aware of their own responsibilities. A good example of this is that a cloud solution provider may put in place a security measure but ultimately if users set easily-guessed passwords or use the same password for any other accounts, an organisation is placing itself at a greater risk of data breach. It is then the organisation’s responsibility to train and inform its users on safe password procedures.

Shared responsibility

Different cloud service models affect the ways that responsibilities are shared between cloud providers and cloud customers, so it is important to understand what cloud service model you are utilising and what responsibilities this leaves you with.

Some responsibilities are shared between the cloud provider and the cloud customer such as auditing of domains and some are separate responsibilities that support each other. For example, in Microsoft Azure it is the responsibility of the customer to configure services like multi-factor authentication but ensuring effective functionality is the responsibility of Microsoft. This is not to say that customer responsibilities cannot be supported, for example implementing solutions like MFA can be handed over to your Managed Service Provider.

Providing and classifying data to ensure compliancy with regulations is the responsibility of the customer, however again a managed service provider can guide a customer through this process helping them ensure it is implemented successfully.

Many businesses utilise SaaS solutions such as Office 365 or Dynamics 365. Whilst these tools do offer data protection capabilities, it is ultimately the customer’s responsibility to manage, classify and configure solutions to ensure they address their necessary security and compliancy needs. Cloud providers offer strong security tools and advantages, but these do not absolve the customer from protecting their data, users, applications, and service offerings.

It is important for both those who have been using a cloud-based solution and those who are moving to the cloud to understand and review their shared responsibility to keeping data secure. If you’re not sure what your responsibilities are or where to start with owning your security responsibilities, that’s where a managed service provider can help. A managed service provider will be able to implement appropriate security solutions and support but are also there as a source of knowledge and advice that can help and guide you through the challenging landscape of shared responsibility.

To find out more about shared responsibility or managed services, get in touch today. Call 0191 4770465 or email enquiries@teamsynergi.co.uk.