APEX Protection Storage (DDVE in-cloud) inherits from Data Domain Invulnerability, including features like end-to-end verification, fault avoidance and containment, continuous fault detection and healing, and file system recoverability.
Although these capabilities help support the fundamental concepts demanded by the security pillar of any cloud framework, taking advantage of public cloud provider architectures can help improve overall security through specialization and shared responsibilities:
- Specialization – Specialists at major public cloud providers develop advanced capabilities to make the systems deployed secure as well as to ensure smooth operation on behalf of organizations. This approach allows customers to take advantage of the economies of scale resulting from dedicated teams investing in security optimizations. Providers develop the expertise necessary to defend their users against a collection of adversaries with the potential to attack their customers.
- Shared Responsibility Model – Since APEX Protection Storage resides exclusively on public cloud, the security of the resulting operational environment is shared by both the public cloud provider and the customers. By properly defining existent tools and solutions from public cloud providers, our customers can take advantage of the security protections built into the public cloud services. An evaluation of the services and technology tool choices is always recommended.
- Innovation Security – As the organizations transition to public clouds, a comprehensive security approach should consider defining a DevSecOps process that integrates security expertise and taking advantage of the resources available to constantly reinforce the overall solution security.
The following diagram summarizes this approach as described by the Microsoft Cloud Adoption framework.
Note: See this article on Security in the Microsoft Cloud Adoption Framework for Azure for more information.
Figure 2. Security shifts to continuous improvement from Microsoft Cloud Adoption Framework