You’ve probably heard the term “shared responsibility model” but weren’t quite sure what it meant for your business. For cloud services like Microsoft 365, shared responsibility means that the provider (Microsoft) takes care of some specific areas, while the rest is the user or customer. The most critical item on your plate? Cloud security.
The Shared Responsibility Model
In their user agreements, cloud service providers specifically state what they provide and what they don’t, the balance of which is the user/company’s responsibility. We all know how easy it is to become blurry eyed reading user agreements. So it’s no surprise that so many businesses assume that because their data is in the cloud, it is backed up and secure. If you are not proactively closing those security gaps, your cloud data is at risk.
Microsoft 365 Shared Responsibility Model
Microsoft is not responsible for protecting your information. Here are two critical examples:
- Microsoft 365 is NOT liable for data loss due to an app outage. Of course, they take many precautions to keep the service up and running, but outages happen and can lead to data loss if your cloud is not backed up by a third-party application.
- Microsoft is NOT liable for data loss due to a terminated user account. Microsoft will keep information for 90 days after an account is decommissioned. Then it is gone forever unless you have backups, off-cloud storage or additional safety nets.
Backups aren’t the only security concern. MS 365 has a variety of security features, but they need to be configured for your business. Check out the 21 critical controls we recommend in our Microsoft 365 Security Checklist.
Download the Checklist
2022 Cyber Security Essentials Checklist
See where your business stands with these 18 critical cyber security controls established by the Center of Internet Security (CIS). Plus see the types of attacks most likely to impact your business.