BUSINESS NEWS SPONSORED BY DELL E-SERIES 24" MONITORS FROM DCC:
By Rick Vanover, Senior Director of Product Strategy and Chris Norton, Regional Director for Africa, Veeam Software
South Africans are becoming accustomed to the Protection of Personal Information Act as well as reading about high-profile data breaches or ransomware attacks. It’s always been crucial, but now more than ever, data protection and matters around compliance with data regulation need clear ownership within an organisation.
Ultimately, the buck stops with the CIO, but with businesses’ IT and data management needs growing ever more complex, ownership within the teams that report to the CIO can become fragmented and confused. Given the huge growth in Software-as-a-Service (SaaS) that has taken place in the past decade and was significantly accelerated during the Covid-19 pandemic, SaaS has become a great example of where these lines of ownership can become blurred.
In South Africa, there is a great deal of confusion around these blurred lines, specifically relating to customers’ understanding of the role of a SaaS application provider. In most cases, the SaaS provider is responsible for making the application available and keeping it available. Ensuring data that the SaaS application generates or manipulates is backed up does not normally form part of mainstream SaaS providers’ responsibilities and needs to be considered when planning a Modern Data Protection strategy.
According to the Veeam Data Protection Trends Report 2022, in South Africa, 23% of organizations rated the ability to protect cloud-hosted workloads as the most important buying factor for enterprise data protection in 2022. 28% believe IaaS/SaaS capabilities to be the definitive attribute of Modern Data Protection.
The largest subset of broader public cloud services according to Gartner, SaaS is a key cog in an organisation’s ability to execute on their digital strategy. But Digital Transformation (DX), of which SaaS is a vital component, must be underpinned by a Modern Data Protection strategy – which is the ability to back up, secure and restore data across physical, virtual, cloud, SaaS, and Kubernetes environments.
The Veeam Data Protection Trends Report 2022 also found that data protection challenges were hindering DX in the eyes of CXOs – with 89% of organizations not protecting data sufficiently. It is therefore crucial that organizations establish clear ownership over who is backing up SaaS data, who is planning and stress testing Disaster Recovery, and who is enforcing regulation.
Big job: who’s is it?
Protecting SaaS data is a big job. Imagine the scale of the data produced by a large organization’s Microsoft 365 provision. Much of this data is likely to be confidential, sensitive and contain information that is vital to business operations. It is mission-critical data, which needs to be backed up and fully recoverable in the event of an unplanned outage or cyber-attack.
Microsoft 365 is a good example of where poor assumptions about what data is protected and what isn’t can be made. The in-built data protection capabilities of Microsoft 365 can give businesses a certain amount of reassurance that the majority of their data is backed up and protected. However, the only way to truly have the peace of mind that Microsoft 365 data is fully protected and recoverable is via a third-party backup solution. Both SaaS and Backup admins are becoming wise to this fact, according to Veeam’s 2021 Cloud Protection Trends Report, citing reasons such as accidental deletion of data, preparation against cybersecurity attacks and insider threats for protecting Microsoft 365 data.
The topic is slowly starting to gain traction here in South Africa, but there is still a steep learning curve for customers to understand the roles and responsibilities in the process, including what is covered in their SaaS agreements and what is not covered. A good analogy would be to think about insurance policies, something we are all used to. It is crucial to read the contract and understand the deliverables so that all potential risks can be assessed and addressed in the planning phase.
Owning Modern Data Protection
The first step is to define clear roles and responsibilities between SaaS and Backup admins to ensure that every stage of data protection has an owner. Given that SaaS admins’ roles will continue to expand at a fast pace given the emphasis organisations are placing on DX, their capacity for dedicating resources to data protection is likely to decrease.
Therefore, there will always be a clear role for Backup admins with the sole purpose of ensuring data across physical, virtual, cloud, SaaS and Kubernetes is always protected. With SaaS growth accelerating and driving growth in Kubernetes deployment around the world, including South Africa* where 46% of firms run containers in production, and 44% plan to do so over the next year, businesses must not only establish clear lines of responsibility, but also work with a third-party backup specialist.
This will ensure organisations are taking full advantage of the expertise and automation available to them, putting them on the front foot when it comes to their Modern Data Protection strategy.
Specifically, for the South African market, it is vital for all stakeholders to understand that Modern Data Protection strategies should include SaaS-based risks and assumptions, and should these be considered as opposed to deploying legacy-based policies and products into modern environments - or even worse assuming that the SaaS provider will by default assume responsibility for the data.
Ultimately, establishing ownership of SaaS data protection means that organisations’ DX is not being held back by their data protection challenges and that they can continue to deploy SaaS with the confidence of knowing that their data is fully protected in the event of an outage or cyber-attack.