More and more businesses are using cloud services like Microsoft 365 (MS 365). But many don’t realize that the burden of securing their cloud is on their shoulders. It’s called the shared responsibility model. Here is what Microsoft 365 shared responsibility means for your business.
The Shared Responsibility Model of the Cloud
It sounds like complex business jargon, but the shared responsibility model is very simple: It outlines what your cloud services provider IS and IS NOT responsible for. On the NOT list? You guessed it — cyber security. While the cloud is a necessary and valuable tool for modern business, don’t go into it with blind faith that what’s in the cloud is safe. Just like if you bought a computer or other hardware, the job of securing your data on those devices is your responsibility — not the computer manufacturer’s.
Cloud Security Is On You
This is not just a Microsoft 365 model — it’s used across the industry. Cloud service providers are not responsible for protecting your information. Your cloud data security is on you. As an example, Microsoft 365 does NOT:
- Protect your data in the case of an app outage. They take many measures to keep 365 up and running, but if there’s an outage your data may be lost… and Microsoft is not liable for this. You need to back up your cloud data with a third-party application.
- Retain data after user account termination. Let’s say an employee leaves the company and you, understandably, decommission that user’s account on Microsoft 365. Microsoft stores the information within that account for 90 days, after which it is permanently lost. Another reason why backups are critical.
Cloud backups are not your only responsibility. Microsoft 365 has a variety of security features, but they need to be configured by each business. Contact us to discuss what Microsoft 365 shared responsibility means for your business.