Data Retention – Why Businesses Should Safeguard Their Cloud Data


As the adoption rate of multi-cloud strategies among enterprises is skyrocketing, most businesses must navigate complex data retention regulations that span multiple storage platforms, including on-premises, hybrid, and public databases, as well as SaaS applications such as Microsoft 365. 

In 2021, Fortinet estimated that 76% of organizations utilized at least two cloud service providers (CSPs). Well, this number is only growing - in 2022, Flexera reported that the figure had jumped to 89% of enterprises having a formulated multi-cloud strategy. 

Considering the enormous quantity of data created every day — reaching up to 2.5 quintillion bytes every day — coupled with the multitude of laws and regulations designed to safeguard this information, it's crucial that your enterprise establishes and strictly implements robust data retention policies. In this context, we explore the importance of data retention policies alongside the implementation of a shared responsibility model.

Compliance & Risks = the Imperative of Establishing a Robust Data Retention Strategy

The increasing influence of recent legislation on data privacy and compliance, in conjunction with the significance of robust data security measures, makes establishing a reliable data retention strategy less of a desire and more of a need today. Organizations subject to multiple regulations must develop and enforce robust data retention policies to mitigate risk and ensure compliance. Regulations such as SOX, HIPAA, CPRA, GDPR, and FLSA can be difficult to keep up with since they mandate specific retention periods and data deletion deadlines. 

Both non-compliance and prolonged data retention pose significant risks. Yet, data protection continues to pose a significant hurdle, underscored by IDC's research revealing that 98% of businesses have experienced a cloud data breach in the past 18 months. Non-compliance can result in substantial fines, as evidenced by the nearly €1.3 billion collected in 2021 and over €1.6 billion collected up until May 2023 for GDPR violations.

Especially when it comes to SaaS data, delineating responsibility can be difficult - it is a common misconception that SaaS providers also provide critical services such as data protection and retention, although they manage various tasks, from hardware provisioning to software updates and data storage.

Exploring the Importance of Data Retention Policies

Data is truly the gold of the 21st century – all businesses rely on it. Thus, the following aspects underscore why it is important to protect it by implementing data retention policies:

Regulatory Compliance – By setting clear guidelines, data retention policies ensure corporations adhere to emergent and dynamic employee and consumer data privacy laws. Adhering to stringent regulations such as GDPR becomes more seamless with an established data retention policy since it offers a clear roadmap outlining the data and protocols for its storage and usage. 

Robust Disaster Recovery - Data retention policies incorporate backup and recovery components to protect mission-critical and sensitive data, ensuring swift recovery in case of outages or cyber threats. Even more, these policies limit enterprise exposure to security breaches and supplement broader data protection efforts.

Consolidated Record Storage - As businesses transition from paper-based to digital data storage, many face challenges in managing a hybrid storage environment. Customizable data retention policies cater to specific organizational needs, harmonizing diverse data storage modes and facilitating effective record management across all platforms.

Cost Efficiency - Data storage can be a substantial financial burden, particularly in extensive volumes over prolonged periods. Data retention initiatives allow an informed assessment of the need and feasibility of storing diverse datasets. And businesses can gain some valuable answers to critical questions such as the necessity, cost, schedule, and frequency of data access, ensuring a cost-effective data retention and disposal strategy.

Enhanced Data Quality & Accessibility - Outdated or replicated records can exacerbate data quality and management problems. Regularly auditing and cleaning data, as mandated by these policies, enhances data accessibility and utility.

Uncovering the Shared Responsibility Model

In a conventional data center model, the onus of ensuring security across all operational domains - encompassing applications, physical servers, user controls, and even the physical premises - lies entirely on you. Conversely, the cloud environment provides a distinct advantage. The cloud provider alleviates a portion of the operational burden from your teams, including security-related tasks. 

Moving forward, this collaborative approach is encapsulated within the shared responsibility model. Clarifying the responsibilities and duties for each data stakeholder, the delineation of security ownership is clearly defined, ensuring that each party exercises absolute control over the assets, processes, and functions under their purview.

In short, the shared responsibility model serves as a strategic blueprint adhered to by CSPs. It outlines the distribution of responsibility across the full breadth of the cloud environment, which encapsulates infrastructure, hardware, data, identities, workloads, networks, and settings, among other elements.

Client's Responsibility for Data - Under the shared responsibility model, the customer maintains absolute accountability for their data, irrespective of its hosting location. This remains consistent across various platforms, be it Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), or on-premises infrastructure. 

Compliance as an Organizational Accountability - When dealing with SaaS applications and data, the client organization incurs the repercussions of mismanagement or non-adherence to data retention and regulatory norms, not the SaaS provider. In the event of non-compliance, the organization is held liable and accountable for the ensuing penalties.

Ensuring Compliance - Given the potential consequences, it is paramount for any organization utilizing SaaS offerings to devise and implement rigorous policies and procedures. As such, these measures aim to ensure they comply with the requisite data retention and regulatory standards.

Veritas Alta™ SaaS Protection – the Leading Data Management & Protection Solution

As a robust solution designed to protect your cloud-based data, Veritas AltaTM SaaS Protection reduces risks and eliminates uncertainties.  This solution provides automated backups for the most popular SaaS business applications.

Being among the 2% of businesses that did not experience any cloud breach starts with robust data retention policies. Discover how to pursue resilient data retention solutions and download our document “Veritas Alta SaaS Protection for Data Retention.”

Dylon Mills
Senior Principal Product Manager, Enterprise Data Protection
VOX Profile