There is a well-known expression about assumptions and when this comes to your data and cyber security this goes double. When it comes to cloud solutions a misunderstanding around your responsibility and the providers can introduce risks into your business.
For example, a common question we get is, “Why do I need to backup Office 365 surely Microsoft already have this covered?”. In this article we discuss the Shared Responsibility model and how it might impact your business.
An introduction to Shared Responsibility
As you consider and evaluate public cloud services, it’s critical to understand the Shared Responsibility model, which security tasks are handled by the cloud provider and which tasks are handled by you. The workload responsibilities vary depending on whether the workload is hosted on Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), or in an on-premises data center.
For example, if you are hosting an app, in your own data center, it is quite clear that you are responsible for every step of the security journey and securing and backing up all the data at every stage of the process, but when you move to the cloud this becomes more complicated.
Shared Responsibility overview
The Shared Responsibility model sets to outline a framework where it is clear what roles and responsibility sits with each party. Your technology provider such as Microsoft is primarily focused on keeping their infrastructure running and reducing any downtime to practically zero. Only if their platform goes down will they take responsibility for the data that sits within it.
Your organisation in the Shared Responsibility model is responsible for securing all their data, regardless of where it sits, even if it resides in a SaaS solution.
So, if you accidently delete a file you need, if you don’t discover it until after the recycle bin is emptied then that is your responsibility, Microsoft or any other technology provider will not help you. Likewise, if you get hacked, if it is within your system and they steal, delete or corrupt your data, you may not have this covered.
Why the Shared Responsibility model matters?
On average an organisation only identifies a data loss after 140 days whereby a deletion will only be held for 30 – 90 days by Microsoft on something like Microsoft 365. If you aren’t aware of your responsibility to secure your data, you are opening your organisation up to risks including:
- Accidental data deletion by users
- Regulatory requirements to hold data for a specific time period.
- Cyber-attacks on your system, corruption of data, data loss or deletion.
What to do?
The key actions you need to take are around securing your data. You need to decide on your appetite for risk and the cost of to your business if your data is lost.
Consider a cloud backup solution. There is a wide range of ways you can increase your security, but cloud backup is a great way to manage the shared responsibility of cloud.
At Bridgeall we are Veeam partner. Veeam is a cloud backup solution designed for Microsoft 365. Veeam backs up Teams chat, Exchange Online, SharePoint and OneDrive. Keeping your documents, files, emails, spreadsheets and more backed up as often as you need it and held for as long as you need it.
To learn more about Veeam, please visit our Veeam page or contact us today.