Homepage

/

Blog

/

Who is responsible for your cloud data? The answer may surprise you!

Who is responsible for your cloud data? The answer may surprise you!

Who is responsible for your cloud data? The answer may surprise you!

More and more companies store data in the cloud. Find out what risks are associated with it and why cloud data also requires backup.

More and more companies store data in the cloud. Find out what risks are associated with it and why cloud data also requires backup.

Andrzej Kossakowski

Andrzej Kossakowski

Andrzej Kossakowski

5 min

5 min

reading

Table of Contents

Cloud data is becoming the standard

More and more enterprises store at least part of their data in the cloud. Often without even being fully aware of it. Modern workplace tools very often use cloud infrastructure, and users simply use it as another IT service.

A cloud environment is one of the greatest conveniences of modern IT infrastructure. In many cases, it is a more convenient, scalable, and secure solution than storing data on your own servers. There are many scenarios in which the cloud works very well.

In this article, however, we will focus on risks related to storing data in the cloud. Not to discourage the use of these solutions, but to show which risks are worth considering.

Private cloud and public cloud

In simplified terms, two most common cloud environment models can be distinguished.

A private cloud is an environment created by an organization for its own needs. The company designs its architecture, controls how data is protected, and has full visibility into where data is stored and how it is protected.

However, the vast majority of enterprises use the public cloud. It is delivered by specialized service providers. In this model, a company uses ready-made infrastructure, but at the same time often does not consider how it is built and what risks may be associated with it.

What cloud means in practice

For many users, the cloud is not an abstract technological concept. It is specific services they use every day.

Most often, these are:

  • file storage locations such as OneDrive, Dropbox, or Google Drive

  • mail servers such as Exchange Online, Gmail, or commercial hosting services

  • collaboration workspaces such as SharePoint, Google Workspace, or Dropbox Business

For the user, these are simply work tools. In reality, however, this means that company data is stored on external providers' servers.

Two main threats

For data stored in the cloud, two main types of risk can be identified:

  • data exposure

  • data loss

Data exposure or compromise

Unauthorized persons may gain access to data stored in the cloud.

Most often, this happens as a result of several typical situations.

It may be a user mistake. An employee shares a document publicly or sends access to the wrong person.

It may be an account takeover by a third party. Phishing attacks very often involve stealing login credentials for cloud services.

A provider-side error also cannot be ruled out. People also work in large organizations, and every IT system may contain errors.

History shows that even the largest cloud platforms can experience security incidents.

Examples of such events include:

  • Capital One in 2019. A data breach affecting 106 million customers related to a misconfiguration of the Amazon S3 cloud environment.

  • Twitch in 2021. A leak of approximately 125 GB of data, including the platform source code and streamers' financial information.

  • Microsoft Azure in 2022. Exposure of approximately 2.4 TB of data concerning more than 65 thousand organizations due to service misconfiguration.

The purpose of citing these examples is not to scare users, but to show that even the largest technology companies are not completely free from issues.

That is why it is worth making conscious decisions about which data to store in the cloud and which is better kept in your own infrastructure.

Data loss in the cloud

The second significant threat is data loss.

The simplest scenario is accidental or intentional deletion of data by a user. Sometimes such an event is noticed only after a longer time, when file recovery is no longer possible.

Another issue may be malware that encrypts data synchronized with a cloud service. In such a case, encrypted files are also uploaded to the cloud.

The rarest but most unpredictable scenario is a failure on the provider side. It may mean temporary system unavailability or partial data loss.

Large technology companies have advanced security systems and redundancy mechanisms. Despite this, no provider can give an absolute guarantee of data availability.

Shared responsibility model

Using cloud services is based on a shared responsibility model.

The cloud provider is responsible for the technical infrastructure. This includes servers, networks, data centers, and physical system security.

The user, in turn, is responsible for the security of their own data, access configuration, and how services are used.

In practice, this means that even if the provider's infrastructure is very well secured, incorrect account configuration, lack of access control, or lack of backups can still lead to data loss or exposure.

Therefore, cloud data security requires active effort from the organization using the services.

Shared responsibility model based on Microsoft 365
Source: https://www.veeam.com/blog/office365-shared-responsibility-model.html

The most common mistake made by companies using the cloud

The most common mistake is the belief that if data is in the cloud, it is automatically protected against loss.

In reality, most cloud services are not a backup system, but a tool for data storage and synchronization.

If a file is deleted or encrypted by malware, this change may also be synchronized to the cloud immediately.

Cloud data backup

The most important security principle is that data stored in the cloud should also be covered by backup.

More and more organizations treat backup of data from cloud services as a standard security practice. Lack of such a backup is increasingly seen as serious negligence.

There are different models for creating backup copies of cloud data.

One of them is copying data from one cloud to another. This allows data to be stored in two independent environments.

The second approach is copying data from the cloud to your own infrastructure. This solution combines the convenience of working in the cloud with having a backup under the organization's full control.

In practice, this comes down to a simple principle. Data in the cloud is convenient and often very secure, but it still remains data over which we do not have full control. Therefore, a reasonable security strategy assumes having a copy in another location.

Cloud data backup in your company

If you use services such as Microsoft 365, Google Workspace, Dropbox, or other cloud platforms, it is worth checking whether the data is covered by an independent backup.

More and more companies decide to back up cloud data to a second environment or to their own infrastructure to reduce the risk of information loss.

If you want to check which solution will be appropriate for your organization, the Helpwise team can help design and implement a secure backup of data from cloud services. We implement solutions from proven providers, such as AvePoint and Veeam, selecting the technology to match the environment specifics and client needs.

Table of Contents

Request an IT support services quote

Briefly describe your situation - we will respond within 24 hours with a tailored proposal.

The personal data you provide will be processed for the purpose of preparing and sending an offer for your company. More information about your rights related to GDPR can be found in our Privacy Policy and Cookie Policy.

Thank you for submitting the form,

we will respond as soon as possible.

Phone

+48 732 108 400

Email

kontakt@helpwise.pl

Working hours

Mon – Fri, 8:00 AM – 6:00 PM

Office address

Patriots Street 303, 04-767 Warsaw

We guarantee a quick response. We reply to every inquiry within 24 hours. In urgent matters - call.

More about our services:

helpwise.pl - IT support for companies

Request an IT support services quote

Briefly describe your situation - we will respond within 24 hours with a tailored proposal.

The personal data you provide will be processed for the purpose of preparing and sending an offer for your company. More information about your rights related to GDPR can be found in our Privacy Policy and Cookie Policy.

Thank you for submitting the form,

we will respond as soon as possible.

Phone

+48 732 108 400

Email

kontakt@helpwise.pl

Working hours

Mon – Fri, 8:00 AM – 6:00 PM

Office address

Patriots Street 303, 04-767 Warsaw

We guarantee a quick response. We reply to every inquiry within 24 hours. In urgent matters - call.

More about our services:

helpwise.pl - IT support for companies

Request an IT support services quote

Briefly describe your situation - we will respond within 24 hours with a tailored proposal.

The personal data you provide will be processed for the purpose of preparing and sending an offer for your company. More information about your rights related to GDPR can be found in our Privacy Policy and Cookie Policy.

Thank you for submitting the form,

we will respond as soon as possible.

Phone

+48 732 108 400

Email

kontakt@helpwise.pl

Working hours

Mon – Fri, 8:00 AM – 6:00 PM

Office address

Patriots Street 303, 04-767 Warsaw

We guarantee a quick response. We reply to every inquiry within 24 hours. In urgent matters - call.

More about our services:

helpwise.pl - IT support for companies