Cloud technologies have played a large role in keeping federal agencies going since the onset of the COVID-19 pandemic. “The ability to work remotely in a virtual and secure environment is more important than ever. The use of cloud technologies has helped the government be more resilient and shift to these new ways of work,” said Ashley Mahan, Acting Assistant Commissioner, Technology Transformation Services at GSA. While agencies embrace the cloud at an increasingly fast pace, they need to ask who is responsible for their data protection within the cloud.
According to a study done by MeriTalk in conjunction with Affigent and Dell Technologies, twenty percent of respondents believe that the responsibility for protecting multiple workloads running in multiple clouds resides with the cloud service providers. However, this is not always the case. In many situations, the vendor does not guarantee the security of the data. For this reason – not to mention the constant attacks launched against agencies – data protection in the cloud must be top of mind for agencies as they move more workloads and applications to the cloud.
Paul Mitchell, Dell EMC’s Field CTO for Data Protection Solutions, is charged with educating about cloud data protection. Mitchell said that from an agency standpoint, “cloud vendors use a shared responsibility model.” The division of security between the agency and the vendor in a shared responsibility model is “security in the cloud” versus “security of the cloud.” The agency’s responsibility can vary depending on which services they select from the vendor, but a large responsibility is securing their own data in the cloud. Whereas, the vendor is responsible for the protection of the infrastructure, such as, the hardware, software, networking, and facilities of the cloud.
Gartner research shows that unstructured data is growing between 30–60 percent year over year and by 2024, 50 percent of global unstructured data will be deployed as software defined storage, up less than 20 percent in 2020. By partnering with industry experts, agencies can successfully protect unstructured data better in the cloud. Mitchell commented that, with a single cloud solution to protect the data, agencies can optimize their investment by “using object storage, which happens to be the lowest and the cheapest common denominator in any other public cloud,” to manage the unstructured data. Other benefits include a flexible solution that meets compliance and security mandates.
As federal agencies continue their IT modernization journeys, it is importance to keep data protection top of mind. While security may be an assumption when partnering with a cloud vendor, agencies need to carefully consider partners and be vigilant when it comes to protecting their data from threats.