Is Your Data Safe in an IaaS Public Cloud? #cloud

Can your business afford the revenue and productivity loss associated with technology outages? In a

hypercompetitive market, few businesses can. Many IT professionals expect to address the problem of business

downtime simply by moving workloads to the cloud; they assume their cloud provider replicates customer data

within their cloud centers as a matter of course. But in truth, your cloud provider has limited ability to protect

your data. Most cloud providers assume responsibility only for the underlying infrastructure. Such backup

procedures aren’t designed as an adequate means to protect your data in the event of an outage or disaster.

Instead, cloud service providers and IT professionals subscribe to the “shared responsibility” model for data

protection. With shared responsibility, the cloud service provider is responsible for maintaining infrastructure,

and the enterprise is responsible for protecting its cloud-based data from productivity-impacting challenges,

including human error, retention policy misconfigurations, and cyber security threats.

WHY A SOLID DATA PROTECTION STRATEGY IS CRITICAL TO

BUSINESS OPERATIONS

WHY A SOLID DATA PROTECTION STRATEGY IS CRITICAL TO

BUSINESS OPERATIONS

For businesses like yours, protecting data is not only key to business continuity, but also to maintaining

competitiveness, complying with regulations, and managing your brand reputation.

Businesses surveyed in the Frost & Sullivan 2018 Cloud User Survey cite such concerns among their top

priorities when moving to a cloud environment:

? 61% cite security or unauthorized access to their data as a top concern.

? 61% cite challenges with backup and recovery of cloud workloads.

? 54% are concerned with ensuring compliance with appropriate industry regulations.

Many businesses move workloads to the cloud with an expectation that the cloud will enhance workload

availability. Specifically:

? 70% of IT decision-makers rate “high availability SLAs” as a top selection criterion for a cloud service

provider.

? 67% stated that they believe a move to the cloud will help improve business continuity and disaster

recovery capabilities.

? 64% believe a move to the cloud will help them deliver applications and services faster.

Unfortunately, the high expectations regarding the cloud service provider’s role in data protection are often

misplaced. Many organizations incorrectly assume that their cloud provider will restore cloud-based applications

or data in the event of an outage.

In fact, although most providers replicate their environments and employ secondary locations that act as disaster

recovery sites, their only responsibility is to restore the instances contained in your account, not the data housed

on them. Businesses still have responsibility to back up and provide continuity and security/compliance measures

for their applications and data. Unless they do so, businesses are vulnerable to human error, security threats, and

technical mishaps that can cause outages and corrupt data.

UNDERSTANDING BUSINESS RESPONSIBILITY FOR DATA

PROTECTION IN THE CLOUD

While the cloud holds the promise of significant business benefits, the business itself must still take direct action

to protect its critical data and enable business continuity in the event of an outage or disaster. Therefore, it’s

important for IT leaders to understand their role in infrastructure and workload protection.

Shared Responsibility in the Public Cloud: What Is It?

Most, if not all, major cloud providers have a Shared Responsibility Model as part of their Terms & Conditions.

Shared responsibility clauses outline which parts of the cloud environment the provider is responsible for

protecting and which parts the business customer is responsible for protecting.

Provider Responsibility

Most providers’ shared responsibility language states that the provider is responsible for its own hardware that

comprises its global infrastructure, and any software that defines infrastructure as compute, storage, networking,

or database resources. For example:

? AWS states that it “is responsible for protecting the infrastructure that runs all of the services offered in

the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities

that run AWS Cloud services.

? For customers using Azure IaaS services, Microsoft takes responsibility for the physical security of the

infrastructure, and partial responsibility for the host infrastructure and the network controls.

In general, providers take responsibility for security and backup of the infrastructure itself. Specific platforms,

applications, workloads or services that the subscriber loads onto their instances are not the responsibility of the provider.

Business Subscriber’s Responsibility

Businesses are responsible for their own data and server-side encryption; network traffic security (encryption of data, data integrity); OS, network and firewall configurations; platforms, applications, and identity and access management; as well as the backup and security of their customers’ data. Shared responsibility models have

impacts on disaster recovery and security strategies.

Business Continuity/Disaster Recovery

Shared responsibility applies to backup and recovery of cloud-hosted data. In the event of an outage, under most

shared responsibility models, cloud providers only need to restore a customer’s instances—meaning, the size and

Is Your Data Safe in an IaaS Public Cloud? Mitigating Shared Responsibility Using IaaS Data Protection

configuration of infrastructure that they subscribed to. The provider is not responsible for the applications and

data stored within those instances. In the event of an outage, if your cloud workloads are not backed up

appropriately, you may experience business-impacting downtime. To prevent this, you must back up those

workloads by replicating and saving them in a secondary environment. This requires the enterprise to actively

initiate a data protection plan that is secure, compliant, and easy to restore in the event of an outage.