Countless businesses would not have survived the past year without the cloud. Anytime, anywhere access to applications, data and services through the cloud enabled organizations to remain operational with remote work. As a result of this shift, analysts say, more than half of all corporate data now resides in the cloud.
Shockingly, a great deal of this data isn’t adequately protected.
A variety of studies indicate that companies aren’t taking proper precautions due to a persistent misconception about the cloud’s basic security framework. More than three-quarters of organizations report they don’t back up any of their cloud data — and have no plans to do so — because they think their cloud service providers are taking care of that. That’s simply not the case.
Although major cloud service providers do spend billions on cloud security each year, the ultimate responsibility for data protection lies with the data owner. All cloud providers operate under a “shared responsibility” model in which providers and users are accountable for different aspects of security. In general, providers are responsible for securing the cloud infrastructure while customers must protect their data and applications.
Such particulars were usually an afterthought as organizations moved quickly to adopt cloud services in order to remain functional during the pandemic. In one recent global survey, less than 10 percent of IT decision-makers reported that they fully understood the shared responsibility model.
The confusion partly stems from the fact that the model changes depending on the service model being used. Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) models all have unique provisions. The customer’s responsibilities generally increase from SaaS to PaaS to IaaS.
Miscalculations about cloud security can result in enormous risk. An estimated one-third of all users experience cloud data loss, with the vast majority of those incidents related to customer responsibilities. Organizations that lose data as the result of accidental deletions, misconfigurations, overwrites or migration errors are often stunned to learn that the cloud provider can’t restore their data.
Most providers state explicitly in their terms and conditions that data backup is a customer responsibility. Although some provide limited backup and data protection capabilities, these tend to be more of a hedge against user errors than true backup solutions.
For example, the Microsoft 365 cloud productivity suite has a few built-in data protection features. Deleted files and emails are retained in recycle bins for several weeks before being permanently deleted, providing an opportunity to restore files that have been accidentally deleted. However, Microsoft does not back up your data by default.
Increasing business dependence on Microsoft 365 makes it imperative to implement a robust backup solution. About 4 million new users each month are subscribing to the service in order to gain remote access to tried-and-true productivity applications such as Word, Excel and PowerPoint as well as collaboration and file-sharing solutions such as Teams, SharePoint and OneDrive. As such, it has become a repository for a wealth of sensitive corporate information.
The latest version of Veeam Backup for Microsoft 365 eliminates much of the risk of data loss. The comprehensive solution allows you to securely back up Microsoft 365 data to any location, whether on-premises, a service provider or a different cloud instance. The solution gives users more control over their Microsoft 365 data and provides protection against accidental deletion, security threats and retention policy gaps. It also addresses many legal and compliance requirements with efficient e-discovery capabilities.
In our next post, we’ll take a closer look at some of the advanced features in the Veeam solution, including purpose-built backup tools for the Teams collaboration environment.