Think Data Protection and Security is Your Cloud Provider’s Responsibility? Think Again

The days when the cloud was still a new and novel idea are long gone. These days, companies are no longer questioning whether “should I move to the cloud?”, but instead, “how should I move to the cloud?” or “which cloud(s) would be best suited for my workloads and SLA requirements?”

This certainly applies to mature economies, but the effect has trickled down to the emerging markets including those in the Southeast Asian region as well, with more and more organisations moving to the cloud not only to take advantage of its speed and agility, but also to remain relevant and competitive.

According to the APAC Cloud Readiness Index released back in April 2018, cloud readiness is progressing at a homogenous pace in the region. While Singapore is miles ahead of the pack at this point in time, from an ASEAN perspective, the report states that emerging markets such as Indonesia, Malaysia, and the Philippines have been gaining positive traction by implementing several forward-looking policies to drive cloud adoption.

However, while moving to the cloud may potentially provide significant business benefits, many organisations are still under the false assumption that once their data and workloads are in the cloud, the cloud provider is fully responsible for keeping the data secure, backing up the data and restoring it at the click of a button in the event of failure. It must be that easy, right?

This is of course not true at all as most cloud providers today employ the “shared responsibility” model. The details of the terms and conditions may vary, but most cloud providers are only responsible for maintaining and protecting their cloud infrastructure – meaning the hardware as well as software that defines its compute, storage, networking, or database resources where the cloud environment is hosted.

In other words, should an outage occur, your contract may state that your cloud provider is only responsible for restoring the instances contained in your account (e.g the size and configuration of the subscribed infrastructure), and not the applications and data stored within those instances.

So if you don’t read the fine prints of your cloud services agreement and your data isn’t backed up properly, you’re in for a nasty surprise!

In most shared responsibility models, things like backup and security, data encryption, OS, network and firewall configurations, platforms, applications, and identity and access management are responsibilities that lie with the cloud subscriber.

Therefore, it’s important for businesses to monitor their workloads and be well prepared to deal with potential issues such as unscheduled downtime, data loss or corruption, as well as security threats or breaches.

The good news is that there are IaaS data protection solutions now available to help companies automate and simplify the whole process. This not only makes life easier for IT teams to backup public cloud-based data, but ensures that workloads will remain secure and always available.

Veeam recently released a white paper to discuss the importance of data protection in IaaS public cloud environments, how shared cloud responsibility affects both disaster recovery and security, and recommended steps for businesses to protect their data in a public cloud environment.

Click here to download the white paper.

share us your thought

0 Comment Log in or register to post comments