Simon Jelley, General Manager for SaaS Protection, Endpoint and Backup Exec at Veritas Technologies.
The saying “sharing is caring” is often true—for example, sharing good fortune, sound advice or praise.
Although, it’s not always true, is it? Sharing germs, hurtful sentiments or someone else’s private struggles with a third party are examples of when sharing does not reflect goodwill.
And then there’s the gray area. What if you share someone else’s private struggles with a third party, but your intent is to help the person with their struggles? You’ve breached their confidence, but you did so with the best of intentions, and it could end up being exactly what was needed.
For those of us in business leadership, sharing takes on many forms and can fall into any of these categories: good, bad and gray. But one I’ve touched on before and would like to now explore more deeply is the cloud’s shared responsibility model between your organization and your cloud service providers (known as “CSPs”).
Defining Shared Responsibility
As the name implies, shared responsibility indicates that being accountable for something falls to two or more parties. When it comes to managing your cloud-based data, the concept of shared responsibility primarily relates to resiliency and sustainability. Resiliency is often codified in a CSP’s terms and conditions, while sustainability is usually not addressed in terms and conditions, but, in the grand scheme of things, might just be most important.
In my opinion, cloud-shared responsibility falls into the gray area outlined above; it’s both positive and negative. On one hand, you’re paying your CSPs a lot of money—perhaps more than you intended—and want to get maximum returns on investment. But on the other hand, relinquishing too much control over your cloud-based data is never a good thing.
In any case, the cloud-shared responsibility model is here, and it’s not likely going away anytime soon. Take a closer look at the two areas of cloud-shared responsibility, plus tips for getting them right.
Shared Responsibility Of Resiliency
I previously remarked, “Far too many companies think their [CSP] is responsible for the protection of their cloud-based data . . . The truth is that, as part of their standard service, most cloud service providers only provide an uptime guarantee of their service—not cloud data protection.”
And by “far too many,” I mean 99% of IT decision-makers incorrectly assume their CSPs are responsible for protecting at least some of their assets in the cloud, research by my company found.
In other words, CSPs consider themselves responsible for the resiliency of the cloud—the hardware, software, networking and facilities they run—but their customers are responsible for the resiliency of what they put in the cloud. This means you own the security, accuracy, consistency, architecture, backup and other failure management of your cloud-based data, not to mention its regulatory compliance, which is related to its resiliency.
Shared Responsibility Of Sustainability
Data sustainability refers to reducing the environmental impact of data. As I’ve noted before, “It’s no secret that the mostly fossil fuel-powered data centers where all that unnecessary data is stored are a significant source of CO2.”
And many organizations are waking up to this reality. For example, my company recently lowered our emissions by 27% by procuring renewable energy certificates from our largest colocation data center provider and by transferring our in-house data center to a colocation facility.
On the surface, it might seem the responsibility for cloud-related sustainability lies squarely on the shoulders of CSPs. After all, they own and operate the data centers we call “the cloud.” And I’ve found that most do take this responsibility seriously.
But they’re also businesses that want more of your business. This means they’re perfectly willing to store more and more of your data for a fee. Therein lies your responsibility: making sure you’re not storing unnecessary data in the cloud (or on-premises for that matter), which consumes more energy and produces more carbon emissions. This is green in two ways: good for the environment and good for your bottom line.
Doing Your Part
So, how do you fulfill your end of the cloud’s shared responsibility model? Here are some tips:
• Organize your cloud-based data. Create a system to identify, define, label and group your data. In my experience, most data will fall into one of the following broad categories: public, private, internal, confidential and restricted. Arriving at one of these classifications relies on metadata tags that can be as varied and unique as needed based on your organization.
• Regularly delete unneeded cloud-based data. Most organizations have an astounding amount of unnecessary data in the cloud, including obsolete data—such as outdated information not required for compliance purposes—and trivial data—I’m looking at you, cat videos everywhere. Eliminating this data can benefit the environment and your cybersecurity.
• Delete redundant data as well. Eliminate unnecessary copies of existing data. For example, every time a customer purchases from your company, their name and contact information might be reentered into a database when what is really only needed are details on each purchase. Another example is multiple identical copies of an employee’s files that each get backed up when only one was needed.
• Constantly watch for threats targeting your cloud-based data. Detecting anomalies within your data, such as unusual access patterns or changes to the data itself, is an important defense mechanism to catch threats before they wreak havoc.
• Habitually back up your cloud-based data. Backup and recovery are key to ensuring your cloud-based data is always available when you need it, even if disaster strikes. It’s also your last line of defense against ransomware.
Because of the vast amount of new data organizations create every day, leveraging automation might help them best accomplish this.
In the end, yes, sharing is often caring, but perhaps not always in the way we think of it, at least not when it comes to the cloud’s shared responsibility model. Following the steps here will help ensure you’re doing your part to properly manage your cloud-based data.
Forbes Business Council is the foremost growth and networking organization for business owners and leaders. Do I qualify?
Read the full article here