With the adoption of remote working accelerating, even necessitating, the shift to the cloud, it should come as no surprise that more data is being stored in the cloud, and often across multiple providers. From a remote accessibility standpoint, it makes perfect sense, but who is responsible for the data once it’s in the cloud? Is it your organisation, or the cloud provider?
The answer is simple: both. An organisation cannot assume their data will be secured by the cloud provider. In essence, the cloud infrastructure is the responsibility of the cloud provider, but the security of the data stored within that infrastructure is the responsibility of whoever owns that data. In short, it’s your data, their cloud.
The shared responsibility model for cloud security is nothing new; it’s over a decade old, and the good news is that awareness of the model has grown with the increase in cloud consumption; in fact, most major cloud providers will supply a clear description of precisely how the responsibility for security is divided. But does that awareness translate to action? In the 2022 Thales Cloud Security study, 54% of respondents said that they had at least 40% of their data in the cloud, but only 19% of respondents said that they know where all of it is stored[1]. The reality is that if you don’t know where the data is, it’s impossible to take action to protect it.
In March 2022, Thales Cloud Security’s Eric Woolf sat down with David Linthicum of Deloitte Consulting and podcaster Susanna Song for a fireside discussion of cloud transformation and shared responsibility. The takeaway was clear: understanding of shared responsibility is key, and that understanding must start at the top.
When data is being stored in the cloud, it can be easy to forget that the data still needs to be secured, or assume that the service provider will take care of it. But the reality is that if the data is lost, stolen or compromised, the ultimate cost is to your organisation, not the service provider; it’s therefore essential to ensure that security is your first consideration, whether your data is being stored on-premises, in the cloud or a hybrid environment.
Of course, there are more practical considerations; multi-cloud environments are by their very nature more complex and more difficult to secure. The question then becomes, how do you optimise cloud security while staying within budget and keeping things as simple as possible? Thales’ CipherTrust Cloud Key Manager simplifies the task of holding and managing encryption keys for cloud services and utilises centralised key management to give you access to your cloud providers and on-premises environment from a single browser window, streamlining your encryption strategy and securing your organisation’s digital transformation, wherever your data is[2].
Want to learn more? Check out Thales’ webinar below:
It’s Your Data in Their Clouds
[1] 2022 Thales Cloud Security Study (thalesgroup.com)
[2] Cloud Key Management | Cloud Key Management Services (thalesgroup.com)
