DATA-PROTECTION-AS-A-SERVICE
CONTINUED
because they have smaller IT footprints. “For them to copy data from either their on- premise environment or cloud repositories into a cloud backup is quite easy. It’s a bit of a no brainer because a lot of the billings are now monthly or annual subscriptions, which makes management much easier. If you’re a small business and you’ve got a couple of guys working in IT, they’re already probably maxed out doing day to day IT tasks like setting up printers. If they can offload the responsibility of doing all the backups because it’s all been set up in a cloud repository and is just running in the background, then it makes their lives much easier. “The big benefit of cloud backup is that it’s disconnected from the on-premise environment. As we’re living in a world where ransomware and malware attacks happen daily for a lot of businesses, it takes away some of that risk by having the data held somewhere completely separated from their local environment. “At Barracuda, we sell all our products like products; it doesn’t matter if we’re selling an on-premise backup appliance or cloud to cloud backup subscription, the partner gets margin, the same as they would if they were selling a physical product.” Data residency Alasdair Anderson, VP at Protegrity, adds that resellers and customers need to be aware of data residency legislation, especially for businesses that trade and operate internationally. “Certain information must not leave a country and we’re seeing is more borders and barriers that we just haven’t dealt with since probably the Cold War,” he says. “We’ve been moving information freely for years, and now we must think about a passporting arrangement where we must show the credentials to make sure that we’re not doing anything illegal. That is one of the most challenging things when people look at data protection, data privacy, and managing data appropriately. The governance, management and audit of information that is getting used across their global businesses.” Again, this means that DPaaS solutions must be customised. “You might want to have a global infrastructure, but you must have local implementations because there’s different nuances within all nations’ rules,” he explains. “In some countries you might be able to get away with just data masking, whereas in
others you’re looking at a full anonymisation or perhaps you can’t even use the data, you have to use synthetic data. That challenge matrix, and the solutions that answer those challenges by geographies and verticals is where the business is there to be done.” Defence in depth But above all, Katie McCullough, CISO at Panzura, says DPaaS is about a defence in depth strategy. “There are too many subtleties and attack vectors, and you can’t always know what the new one is going to be,” she says. “All those things can be variable in your environment, and you don’t even know what some of your business units are going to do to, unfortunately, inject risk into your environment. If you don’t have a defence in depth strategy at all layers of your infrastructure, data and applications, you’re going to have blind spots.” She adds that businesses with multiple locations, perhaps across countries, must share data across those locations nearly in real time and therefore should have technology that helps facilitate that and make sure you’re using technologies that provide the fastest backup and restoration. “But there’s so much beyond just detection and protection,” Katie adds. “You must be testing your data, the restoration, the ability to restore data, certainly at a file level, but also at a complete file system level and incorporating that testing on a regular basis is core to any kind of service. Customers are asking for that more and more. “There’s just so much data: you must have insights into that data to make sure you know where it’s at, to make sure you know how to control it, compress it and dedupe it. We’ve got to continually advance the technology to make sure we’re keeping those costs where the customer needs it to continue for them to be profitable, but also give them the insights that they need about the data, whether that’s business requirements or just protection of the data. “It’s not just an IT conversation anymore. You must talk to application owners, business owners, about how they’re using their data to grow the business, but also what are the things that they’re concerned about with it? Is it intellectual property? Customer information? It’s understanding their business and data. We found that working with their users and understanding how they’re using the data has been the most advantageous for us.”
There are too many subtleties and attack vectors, and you can't always know what the new one is going to be. “ ”
44
Powered by FlippingBook