Showing results for 
Search instead for 
Did you mean: 

Export your data to the cloud, but don’t export your responsibility

Not applicable


As two working parents, my husband and I rely on school and after-school childcare to help educate and protect our kids while we’re working. I’m very grateful for their expert help. To be honest, I’m pretty sure I’d be a lousy 6th grade teacher. Even though we outsource part of our children’s care, my husband and I are clearly responsible for raising our children. But who is responsible for your company’s data? Your company or your cloud service provider (CSP)? That was one of the questions we asked 1,200 business and IT decision makers in 13 countries in a recent survey Veritas commissioned. The ultimate responsibility for data management doesn’t seem as clear. 

Our new Truth in Cloud study shows that the majority of global organizations (56 percent) operate with a cloud-first mentality. That’s probably not surprising. What is surprising is many organizations have misconceptions about who’s responsible for data management.


Organizations are embracing the cloud—from public clouds to hosted private clouds—and over two-thirds of the organizations we surveyed use multiple cloud platforms, what we call the multi-cloud. Our study found that the respondents’ IT spending on cloud technologies is expected to continue to rise from 12 percent in 2017 to 18 percent of total IT spend within the next two years. And 75 percent of organizations already work with an Infrastructure as a Service (IaaS) public cloud provider.


Know your responsibilities

CSPs obviously have a duty to ensure they help keep data secure and readily available. But the misconception lies with who has the ultimate responsibility of staying compliant with regulations.

In our survey, 76% of organizations mistakenly believed cloud providers take care of all data privacy and compliance. What’s even more worrisome is 83% of organizations that use or plan to use IaaS believe that their CSP takes care of backing up their data in the cloud when many cloud providers expressly state this is the customer's responsibility. Misconceptions around the levels of responsibility for data management put businesses at risk, especially with the EU’s General Data Protection Regulation (GDPR) looming. Although CSPs will have new obligations under the GDPR to protect the personal data in their clouds, the customer will too, and CSPs will continue to be able to allocate certain security responsibilities to their customers. Data management should be a shared responsibility between the organization and its CSP. Organizations must have clarity on the role of the CSP and they need to know what they can expect from their provider or providers, in order to best ensure that their data is protected.

In short, you can export your data, but you can’t fully export your responsibility.

The study, conducted by Vanson Bourne, was released October 25. To learn more, watch my video, and read the press release.




Veritas helps customers fully embrace a multi-cloud approach, manage their data, and extract maximum value from it. Veritas also has unique solutions to help our customers prepare for data privacy regulations like GDPR.