With a clear increase in the utilisation of Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS), the question often asked is, who is ultimately responsible for your data security?
According to IDC, 60% of all IT infrastructure and 60-70% of all software, services and technology spending by 2020 will be cloud based. As a critical element of competitiveness, 2019 will see CIOs trying to better balance the capabilities of the newest cloud technology while focusing on security. Forbes says that the number of cloud solutions in the public and private sectors will further expand in 2019. More organisations are expected to take advantage of the simplicity and high-performance the cloud guarantees. One area often misunderstood and overlooked is the responsibility for data security.
Routed, as Africa’s only vendor neutral cloud infrastructure provider, says that the responsibility of cloud providers includes everything related to IaaS and PaaS, except client data. This misconception is important to note as too many clients place the responsibility of company data on the cloud providers’ shoulders, which is not where it belongs.
A good example is Microsoft’s Office365, where Microsoft manages the Office365 infrastructure and uptime but empowers you, the user, with the responsibility of the data. The misconception that Microsoft fully backs up data on a client’s behalf is quite common. Without a shift in mindset, there could be damaging repercussions when this responsibility is not clearly identified. Ultimately, you need to ensure you have access to, and control over, your data.
In recent research done in Australia, the three main reasons for data breaches in the last quarter of 2018 were:
- malicious or criminal attacks (59%),
- human error (36%) and
- system fault (5%).
So system faults are not to blame – but human attacks and human error are at fault. Education is critical and locally we have a lot of work to do.