The Cloud, however much we rely on it, is an odd beast. Despite being so pervasive, so colossal in its sheer scale, it’s essentially invisible to the countless millions that use it; proof, perhaps, that we trust the Cloud providers to keep our work protected and consistent.
We trust, for example, that Microsoft is keeping our Azure cloud computing, SharePoint, and 365 data safe and secure from theft or ransom. And while that may be true – to an extent - the reality behind who’s truly in charge of our Cloud security is perhaps a little more complex.
What Does Microsoft Protect?
Like any Cloud data, yours is stored in one of countless data centers worldwide, including Microsoft-owned centers for your Microsoft 365 data. Business sense dictates that these centers adhere to strict surveillance, physical security, and access restrictions, and they do; the locations of these data centers aren’t even public knowledge, such as Microsoft’s dedication to security. The happy by-product of all this secrecy and security is that your data is somewhat protected on a physical and virtual level.
Microsoft also provides users the expected security provisions when accessing their Cloud infrastructure services, including Multi-Factor Authentication, end-to-end encryption, and, for Azure users, user protection with Azure Active Directory. On the surface, it appears that Microsoft is taking on a lot of your Cloud data security responsibilities. Yet therein lies the technicality…
Introducing the Shared Responsibility Model
Microsoft’s responsibility is to the protection of its global infrastructure; the fact that your data resides on that infrastructure is frankly, coincidental. Microsoft has no responsibility for the security of your data, the extent or frequency of your backups, or the recovery of any lost or deleted files. In fact, all Microsoft promises is that you’ll be able to access your data 99.9% of the time.
This is what Microsoft refers to as the Shared Responsibility Model – an understanding between Microsoft and the user on what can and cannot be expected from Microsoft’s cloud services. And when it comes to Cloud security, we can expect surprisingly little.
It sounds like typical corporate small print – a ‘Gotcha!’, almost – but without the shared responsibility model, we’d actually have too little control over our Cloud data. We’d be handing data ownership over to Microsoft for starters; a nightmare for privacy concerns. We’d also expect the cloud service provider to manage a one-size-fits-all approach to backup and recovery covering countless billions of users – an approach that’s as impossible as it is unfit for purpose.
Interestingly, this almost makes the Shared Responsibility Model something of a bonus; Microsoft’s secure data centers provide more protection than the model promises. However, nothing can be taken for granted and Microsoft’s methods simply cannot be relied on to deliver a bespoke, business-focused approach to backups, cyber security, and data recovery.
So, Who is Responsible?
It’s the twist that we all saw coming: the responsibility for business data lies only with the data owner. And while that might sound disappointing, it’s arguably for the best. Do we want the choice over what we backup, and when, to be in the hands of our data holders? Should the cloud provider decide which of our data sets is most important? Would we trust them to even know?
At Lantech, we fortify your Cloud data security with industry-leading protection which helps stop threats from entering your systems – or sensitive data from leaving them. If you’re moving your business to a Cloud-enabled environment, let us set you up for protective perfection.