If you do not know the answer instantly, you could be putting your organization’s public cloud data at risk!
In a survey of 1,121 IT leaders with a budget- or technical decision-making responsibility for data management, data protection, and storage solutions at firms with 100 to 2,500 employees and at least 5TB of data involved, 43% of respondents believed that cloud providers were responsible for protecting and recovering data in the public cloud.
The survey was fielded in Australia, New Zealand, Brazil, Canada, France, Germany, India, Japan, Korea, the United Kingdom, the United States.
This misconception regarding the responsibility for data stored in public clouds has remained relatively unchanged since similar surveys in 2019 (46%) and 2020 (44%) were conducted. According to this year’s survey report, several additional factors suggest a worrying trend in data protection among the respondents, including:
- Nearly 66% of respondents had indicated that they believed cloud backups were safer than on-premises backups (which is not always true unless the cloud service includes immutable storage)
- Around 33% reported poorly documented disaster recovery plans
- 41% indicated that their organization’s disaster recovery plans were not up to date
With some 82% of respondents expecting to increase hybrid cloud investments, and 70% expecting to increase multi-cloud investment, the above trends and misconceptions could lead to higher cyber risk exposure.
Said David Lenz, Vice President (Asia Pacific), Arcserve, which commissioned the survey: “Organizations need to understand that data protection and recovery responsibility lies with them, not with the cloud provider.”
According to industry practice, anyone responsible for data protection must understand the shared responsibility model because most cloud providers only take responsibility for protecting the infrastructure that runs all its cloud services. Cloud customers are responsible for managing their own data, including ensuring that the contents are protected, backed up and recoverable. Any misconceptions of this policy could lead to increased cyber risks — even where securely configured workloads are concerned — due to zero day exploits or other cyber risks.