Mark Hart, Senior Director of UK Enterprise at Commvault, details how the Shared Responsibility Model can protect businesses and clients from harmful data breaches.
It is well-known that the cloud has a multitude of benefits to offer organisations across every industry, however, it is important to keep in mind that, given that 98% of businesses have reported a cloud breach within 18 months, cloud computing – like all technology – is not foolproof.
Organisations are beginning to understand the need for additional measures to defend and protect their data, without relying on their cloud providers’ defences without question. But how can this be done?
By using the Shared Responsibility Model, both providers and customers can work together to secure the cloud landscape, taking full advantage of this widespread, innovative technology.
The Shared Responsibility Model explained
The Shared Responsibility Model (SRM) is a cloud security strategy that outlines that while cloud providers are responsible for safeguarding their security infrastructure, customers are also responsible for securing their applications and data within the bounds of their own cloud environment.
Through customers adopting a thorough understanding of their role in the SRM, a holistic data protection approach can be put into play.
This means that customers need to consider their cloud provider’s native tools and any other security measures that need to be put into action. With cybercrime becoming more sophisticated, businesses should no longer blindly adopt tools without having a good understanding of where their vulnerabilities lie and instead work to collaborate with their cloud service providers.
The role of the cloud provider
First and foremost, cloud providers need to be transparent with customers about their methods of protecting their data before anything else, updating them on any compliance changes that could have an impact on the provider’s operations. Moreover, cloud providers are responsible for detailing what exactly falls under their cover. They must keep all their clients informed of any updates to their services, for example, alerting them if a service is no longer offered, or if a new application has been announced.
Then there’s the security side of the SRM. Cloud providers do share some of the burden with their customers. Their responsibility extends to the privacy and security of their cloud infrastructure, which involves data storage, host firewalls, physical security, network protection, software vulnerability patching, and access control.
Having a proactive way of responding to security incidents quickly, should they arise, is another crucial element of their remit, too, as is ensuring legal and compliance regulations are being met.
Finally, cloud providers must take responsibility for the operational integrity of their system, guaranteeing scalability, performance optimisation, availability, fault tolerance, cost management, and reliability.
The role of the client
With the cloud provider responsible for this many elements, it’s unsurprising that many customers believe their data doesn’t require measures like the SRM for additional protection.
However, customers are responsible for securing their own applications and data within their cloud environment. But strikingly, research shows that just 39% of organisations are confident in their ability to secure their data. In truth, actions need to be taken to implement more security measures to take this responsibility effectively. Backup and recovery, identity and access management, encryption, and monitoring are key examples of necessary measures.
Visibility and security are vital for a strong data protection strategy across multiple workloads. By implementing regular backups, you can truly rely on your cloud data. Introducing encryption to protect sensitive data and prevent unauthorised attempts at access from outsider threats is crucial. Yet, a mere 17% of businesses are using encryption to protect at least half of their cloud-based data. Identity access management is another method to fend off outsider threats, ensuring that personal profiles are protected from cybercriminals by using tools such as multi-factor authentication.
Businesses will benefit from ensuring that they are complying with their industry’s regulatory agencies and adopting a Separation of Duty policy to add another layer of protection against misuse from an individual account holder.
Implementing a monitoring and observability service, such as the Shared Responsibility Model, is necessary for teams to properly manage their cloud data, with data analysis offering proactive insights from cloud data and about the activity of their cloud landscape.
Accountability is key
Due to the growth of digitisation in the last two years, 90% of UK senior executives have experienced significant exposure to cyber risks; it is imperative that customers take responsibility by creating a holistic data security strategy, ensuring reliable data protection.
This requires a full understanding of security requirements across cloud data landscapes, and developing the right physical, operational, and technical controls. While cloud providers can offer advanced tools and services, 52% of CISOs are still unsure if they can fully enforce a reliable security policy across multiple applications in the cloud.
Companies should also be aware of their own data, who is responsible for what information, and ensure that they understand how to manage it in a secure way, from the beginning to the end of its lifecycle. This refers to managing who has access to specific information and when that access should be removed.
The Shared Responsibility Model is a well-built strategy for cloud providers and customers to adopt in order to curtail the growing threat of cyber-attacks. Research shows that nearly half of all data breaches happen in the cloud, only emphasising the importance of taking immediate action, and not taking security for granted.
In order to reach success, customers must work to understand the responsibility they must take on with each individual provider and take full advantage of the advanced tools and services on offer. With collaboration front of mind, a winning team is guaranteed.
