SaaS Data Protection Trends in the Tech Industry

As we enter into the third quarter of 2018, the Spanning data security, product and engineering teams took stock of how the year is shaping up for organizations in terms of SaaS data backup and restore.

This year has shown so far the continuation of some technology trends (AWS’s continued cloud dominance) and some unexpected data security developments (Hello, California Consumer Privacy Act 2018!)

At the start of the year, we predicted that this would be the year of SaaS Data Protection  and it is proving to be the case. From data privacy and retention issues to a new focus on searchability, organizations in many parts of the world are seeking answers to the complicated questions around compliance and regulatory needs.

Here are the five key ideas, trends and predictions from the Spanning team so you can make the most out of the second half of 2018 for you, your organization and your customers.

SaaS Data Protection Trends in the Tech Industry

Tech and Cybersecurity: Don’t Fall Asleep at the Wheel

Meltdown & Spectre – Everyone was talking about Meltdown and Spectre in January, and for good reason. As a reminder, Meltdown is specific to Intel CPU’s, while Spectre affects systems on any platform. The bad news continues as both hold brand new vulnerabilities and still only have proof-of concept exploits available with no known exploits in the wild. If you haven’t already, it’s time to get off on-prem hardware and transfer the responsibility of keeping that data stored to SaaS providers.

Cryptojacking – It has been making a strong appearance over the past six months. Cryptojacking isn’t the traditional kind of security threat. Instead, this falls more into the authorization arena of security by using hosts for unauthorized activities. With increasingly lucrative (and erratic) nature cryptocurrency markets, malicious actors are looking for ways to perform the costly computations necessary to ‘mine’ new currency without paying for equipment, space and electricity themselves. Having an alternative data protection solution in place is a good idea.

Fileless Malware – Fileless Malware is posing a major threat for organizations. In fact, over one third of malware comes in a fileless form now. Fileless Malware can launch without being stored on a disk, and is outsmarting defenses and exploiting tools that are already stored on the victim’s machine, becoming smarter and more powerful. Because Fileless Malware lives in data, it’s possible to carry this malware in spreadsheets or documents that get emailed back and forth in businesses, allowing it to blow right past any security system. Having an alternative backup of the data to revert to is key to recovering from this type of malware attack.
– Brian Rutledge, Principal Security Engineer

Battle for Cloud Dominance Continues

AWS is the clear leader but there is strong, and growing, competition from Azure and GCP. Some retailers, for example, have stayed away from AWS, and Microsoft and Google are making inroads with maturing capabilities. Choice among cloud providers is a good thing but it can lead to confusion for organizations seeking to understand how best protect their data and adhere to data privacy regulations like the EU’s GDPR.

At Spanning, we use AWS and have data centres in the United States, Ireland and Australia to meet your data sovereignty and security needs.
– Ruel Loehr, Engineering Director

Risk for Data Loss Grows for Organizations

Because Spanning customers run the gamut from enterprise-sized organizations to SMBs, we have a unique view into trends around these different organizations’ perceptions of data loss — and their actual risks. On the enterprise side, we’re glad to see our customers taking the threat from ransomware and malware attacks seriously and planning ahead for recovery. The number of inquiries from enterprises about recovering from ransomware, malware and data losses due to malicious insiders continues to grow. On the SMB side, the risks from data loss are the same; our SMB customers are likely outperforming their peers, since few SMBs take action to defend against and recover specifically from malware. This is an alarming trend, since the risks to SMBs are the same as those facing large enterprises.
– Daivat Dholakia, Director of Products

For MSPs, 2018 is the year that “business as usual” became unsustainable

Spanning’s channel partners have seen how the rapid growth of Microsoft Office 365 means “business as usual” is no longer sustainable. The explosive trajectory of Office 365 adoptions (according to Okta, Office 365 grew its customer base 40%) has a direct impact on MSPs, many of whom depend on revenue from managing and maintaining Exchange servers. As noted by the leader in IT management software, Kaseya, “As SMBs have migrated from on-premises Microsoft Exchange servers to Office 365, MSPs are rapidly adapting their service offerings. Today, 87 percent of Kaseya MSP customers provide Office 365 services representing over 9 million deployed seats.” To support MSPs and their SMB customers — customers who are at the same risk of ransomware and malware attacks as enterprises — Kaseya and Spanning have come together to develop the new Kaseya Office 365 Backup solution. This solution underscores how 2018 is a pivot-point for transforming “business as usual” into future growth for channel partners and MSPs.
– Lori Witzel, Sr. Product Marketing Manager

Data Privacy Regulations Expand to the US

It wouldn’t be 2018 without a big mention of the EU’s GDPR going into effect and the adoption of Privacy by Design. [Read our entire 10-part GDPR series for more details.]

What was surprising for many of us in the privacy space was the speed that the first GDPR-esque legislation was enacted in the United States – the California Consumer Privacy Act 2018. For some, it didn’t go far enough but for all of us, it is a reminder that data privacy is a US issue. For the rest of the year, I expect to see organizations looking to find a standard; ISO 27001 appears to be the most popular.
– Brian Rutledge, Principal Security Engineer

Please share your thoughts in the comments or with us on Twitter.

Learn about Spanning’s Code Review Process