Who is responsible for data in a cloud model?
The cloud services market is growing rapidly. It’s expected to be worth $623.3 billion by 2023, with North America having the largest share of the profits.
The rise of cloud technology has brought with it concerns about the security of data. And with good reason. Weak cybersecurity is not just an IT problem — it’s a risk to the entire business.
When you use cloud technology, the lines become a little blurred.
Who’s responsible for the data — the platform or the customer?
Here’s our take:
Cloud platforms must take data security seriously
There’s no doubt about it — when you choose a cloud platform for your business, a robust data security policy must your top priority.
The provider has a responsibility to ensure the maximum level of security for their customers.
And the overwhelming majority do.
In fact, cloud-based solutions could be more secure than in-house solutions. According to Salesforce, 94% of businesses improved their online security after moving to the cloud.
Before you choose a cloud platform for your business, we recommend you conduct a thorough risk assessment. This will help you ensure the provider fulfills its obligations when it comes to the protection of your data.
But the platform can only do so much. Cloud platforms control the infrastructure — including databases, data centers, storage, and networks.
This is where their responsibilities lie.
But the users have a responsibility too
Gartner predicts that, through 2022, at least 95% of cloud security failures will be the fault of the users.
There are certain data vulnerabilities the cloud service provider has no control over. Even if they wanted to, they couldn’t take responsibility for them.
This includes access management and the movement of data to and from the cloud.
One of the biggest reasons businesses opt for cloud technology is the ability to access data from anywhere, on multiple devices.
This has clear benefits for the business — it enables remote working and improves the availability of data — improving the efficiency of the business.
But it also brings about one of the biggest risks.
If your employees can access data from anywhere, so can cyber-criminals.
And they do.
According to a recent report, 76% of organizations experienced a phishing attack in one year. These emails are notoriously difficult to spot so robust data policies are essential.
Businesses have a responsibility to protect their cloud data from online security threats. They are responsible for:
- Staff training
- Keeping software and firewalls up to date
- Managing access to data
- The encryption of data as it moves to and from the cloud
- Developing policies to protect customer data
Conclusion: data security in the cloud is a shared responsibility.
When it comes to data security in the cloud, it’s clear neither party can take full responsibility.
It requires collaboration.
You need to know where your CSP’s responsibility ends and yours begins.
We understand this isn’t always easy but it’s important you take it seriously — data breaches can be disastrous for your business.
The two key players in cloud technology for businesses — AWS and Microsoft — have spoken out about this, defining the shared responsibility model for cloud security. This is now considered the industry standard.
In short, CSPs are responsible for the security of the cloud, while the users (that’s you) are responsible for security in the cloud.
At Imagis, we can give you peace of mind by helping you with this process. If you want to ensure your cloud security is up to standard, get in touch to find out how we can help