Study Shows Organizations have Significant Misconceptions About the Responsibility for Data Management, Security and Privacy in the Cloud

The cloud has become a vital and well-entrenched component of the IT infrastructure at a growing number of organizations. Moving data and workloads to cloud in many cases makes economic sense, and companies can reap benefits such as cost savings, increased agility and easier scalability of computing resources.

And yet, many enterprises still don’t fully understand who is responsible for what when it comes to ensuring the security and privacy of data in the cloud. That confusion about security and data management in the cloud is one of the worrisome findings of a recent study by independent research firm Vanson Bourne that was commissioned by cloud management platform provider Veritas Technologies.

The Truth in Cloud study, based on a survey of 1,200 business and IT decision makers at organizations worldwide, reveals that significant misconceptions exist about the responsibility for data management, with 69% of organizations wrongfully assuming data protection, data privacy, and compliance are the responsibility of the cloud service provider.

More than eight in 10 (83%) of organizations that use or plan to use infrastructure-as-a-service (IaaS) offerings think their cloud service provider takes care of protecting their data in the cloud. And more than half (54%) of organizations think it is the responsibility of the cloud service provider to securely transfer data between on-premises systems and the cloud. In addition, more than half (51%) think it is the responsibility of the cloud service provider to back up workloads in the cloud, and 55% also assume that application uptime is the responsibility of the cloud provider.

Veritas’ legal teams reviewed contracts from multiple public cloud service providers to help it understand what customers and cloud service providers are responsible for with respect to data management in the public cloud, according to Mike Palmer, executive vice president and chief product officer at the company.

Despite customers’ assumption that cloud providers hold the responsibility of data management, cloud service provider contracts usually place data management responsibility on customers. The research backed up Veritas’ own assumptions that the primary responsibility for data management lies with the customer, Palmer said.

The findings come as organizations continue to depend more than ever on cloud services. Survey respondents’ organizations will invest almost one fifth of their IT budget in cloud services over the next two years. IT spending on cloud technologies, including public cloud providers, is expected to rise from 12% of the budget in 2017 to 18% within the next two years. The trend is likely to continue and increase, the report said, as more than half (58%) of organizations that currently use one cloud provider indicate they plan to expand their portfolio across multiple cloud platforms.

Nearly 70% of the organizations use, or plan to use, two or more cloud providers. Forty-two percent said they are using, or plan to use, three or more cloud providers, with common goals of improving resiliency and data security as well as reducing capital expenditures and operating expenses. A small percentage of the organizations (16%) said they use, or plan to use, five or more cloud providers.

Not surprisingly given the rise of hybrid IT environments, companies are using a variety of cloud service providers, including public clouds and hosted private clouds. With respect to IaaS specifically, more than two-thirds (67%) of organizations said they use, or plan to use, two or more cloud providers.

Respondents said data privacy, security and compliance, workload performance and uptime are the top deciding factors impacting cloud provider selection.

The majority of global organizations (56%) operate with a cloud-first mentality when it comes to deploying new applications and managing workloads. Only one percent of organizations reported that they do not plan to adopt cloud services over the next two years.

However, many organizations continue to face hurdles in getting to the cloud, regardless of whether it is a public cloud or a hosted private cloud. The common barriers, according to the report, are complexity with cloud migration (37%), legacy technology limitations (36%), lack of in-house skills (38%), lack of a clear strategy (32%), and the existence of data silos (27%).

As more companies embrace a cloud-first mentality, the study said, the need to navigate the complexities of a multi-cloud world is critical. As with on-premises IT environments, organizations should consider all aspects of data management as they shift to the cloud, from data protection, compliance readiness, and workload portability to business continuity and storage optimization.