Author Archive

Data Sovereignty in the Cloud

Mat Hamlin

Director of Products for Spanning by Dell EMC
Mat is the Director of Products for Spanning by Dell EMC. He is responsible for the overall direction and strategy for Spanning's suite of SaaS backup and recovery solutions. His career in technology spans five startups and two large organizations, all in Austin, TX. Mat started out in product support and training, then engineering leadership and for the past nine years has been focused on product management and product marketing. Prior to joining Spanning, Mat served as Sr. Product Manager for SailPoint Technologies and Sun Microsystems, contributing to their market-leading enterprise identity management solutions.

The requirement to comply with data protection and privacy laws, like the EU’s General Data Protection Regulation (GDRP) and Australia’s privacy laws, drive the need to evaluate where enterprise organizations are storing their data in cloud data centers. If your organization hosts your own data centers, this can be challenging if you are multinational, but it can be just as difficult when you rely on SaaS providers to manage your data since the control of your data destination is a bit out of your hands.

dp-compliance

If you’re using a SaaS application, such as Office 365 or Salesforce, and are backing up your data with a third-party backup provider, there are many factors to consider as you evaluate your data protection strategy. Understanding the regulations and requirements first and then considering how the providers handle your data are both important.

What privacy laws apply to my organization?
As you build a cloud and data protection strategy, start by evaluating the privacy laws that apply to your data and corporate policies, and compare that against your SaaS provider’s offering, including the primary data storage location and their replication strategy.

My strong suggestion is that you work directly with your audit, compliance and legal teams to ensure you fully understand the regulations that could be applied to you directly or indirectly through business relationships with organizations in other regions.

Generally, global privacy and data protection laws provide strong frameworks and mechanisms to transfer personal data to other countries and economic regions if required, but the regulations are typically strict and the penalties can be costly. As a result, many organizations decide to enforce data governance policies that ensure data remains within defined boundaries. (more…)

Data Recovery Versus Restoration: When it comes to SaaS Backup, Restore is Everything

Mat Hamlin

Director of Products for Spanning by Dell EMC
Mat is the Director of Products for Spanning by Dell EMC. He is responsible for the overall direction and strategy for Spanning's suite of SaaS backup and recovery solutions. His career in technology spans five startups and two large organizations, all in Austin, TX. Mat started out in product support and training, then engineering leadership and for the past nine years has been focused on product management and product marketing. Prior to joining Spanning, Mat served as Sr. Product Manager for SailPoint Technologies and Sun Microsystems, contributing to their market-leading enterprise identity management solutions.

As more organizations are moving their critical data to the cloud and leveraging SaaS applications like Google Apps, Office 365, and Salesforce, we’re witnessing a simultaneous evolution in the backup industry. These forward-thinking organizations are focusing not just on creating backup copies of data for safekeeping, but they’re also considering what it takes to maintain all facets of data protection, including business continuity, accessibility, and compliance. These goals require a new breed of backup. As we like to say at Spanning: Backup is one thing. Restore is everything. It won’t do you much good to just have your SaaS data backed up and stored somewhere unless you can get it back into your SaaS applications (along with metadata and customizations) quickly, easily, and accurately.

What’s the difference between recovery and restore?
Recovery simply means you get your data back – not that you get it back exactly the way it was. In the event of a data loss, you may be dismayed to find that your existing backup and recovery solution or provider defines recovery as exporting all versions of your backed-up SaaS application data and delivering them to you in a zipped folder containing nothing but a massive CSV file. That means your IT team will probably have to expend a lot of time and effort manually identifying precisely what data was lost, rebuilding your file structure the way you had it before, importing or restoring the data back into the application, and then validating it so everyone can finally get back to work. Data recovery is like someone handing you a giant stack of photos with a rubberband around it for you to recreate a scrapbook you had lovingly put together in chronological order with notes, decorations, and keepsakes for each photo.

data recovery

data recovery

Restore, on the other hand, means having that scrapbook returned to you in mint condition with all your memories perfectly intact – even if the original copy was completely destroyed. Translation? Data restoration means accurately and automatically returning your data directly back into your SaaS application, exactly the way it was before you lost it. Excellent backup and restore solutions will restore data from any point in time with file structure, metadata, and labels intact, while providing the flexibility to restore exactly what was lost – whether a single file from yesterday or an entire account from last year. Some solutions even make this process easy enough that an end user can do it in a few clicks without IT intervention. (more…)

The Misconceptions and Realities of Data Protection in Cloud-based Office Productivity Suites Today

Mat Hamlin

Director of Products for Spanning by Dell EMC
Mat is the Director of Products for Spanning by Dell EMC. He is responsible for the overall direction and strategy for Spanning's suite of SaaS backup and recovery solutions. His career in technology spans five startups and two large organizations, all in Austin, TX. Mat started out in product support and training, then engineering leadership and for the past nine years has been focused on product management and product marketing. Prior to joining Spanning, Mat served as Sr. Product Manager for SailPoint Technologies and Sun Microsystems, contributing to their market-leading enterprise identity management solutions.

Speaking with customers and prospects is the Spanning product team’s number one priority, and we continue to hear some common themes related to SaaS data protection. It’s always nice to see our findings confirmed by others, — especially industry analysts, In a recent international Gartner study, they found that businesses now consider SaaS deployments mission-critical for cost savings, innovation, and agility. Cloud-based productivity suites like Google Apps and Office 365 are becoming prevalent in the enterprise market, however, as Gartner’s research shows, data loss, privacy and security continue to be primary concerns.

When organizations move to cloud-based applications, they often misunderstand and underestimate the need to consider third-party data protection for SaaS applications like Google Apps and Office 365. So, I’d like to examine some of the misconceptions and explain the realities of data protection in these cloud-based office productivity suites.

Misconceptions about SaaS data protection
It is common for SaaS adopters to think that once they implement a cloud-based productivity solution like Google Apps or Office 365 there’s no further need to think about backup and recovery. Yet approximately 32% of SaaS users have lost data in the cloud.

cloud question markHow is this possible? Many SaaS users don’t fully understand what their cloud service provider covers and where their own responsibility begins in protecting data stored in SaaS applications. Each service provider’s SLA contains detailed and often confusing information on the configuration and policies surrounding each service. Navigating the options is difficult and even with full understanding, there are clear gaps in the providers’ ability to protect and restore customer data.

For example, in Office Exchange Online, users can purge their deleted items folder and their “junk folder” (recoverable items folder). By default, the data is permanently deleted from the recoverable items folder after 14 days (or 30 days if the administrator extends this period manually). Without the right policies in place and a third-party backup and recovery partner, users may be left with no recourse to get this data back from Microsoft. You can learn about other similar scenarios in Office Exchange Online and how to prevent data loss here. (more…)

3 Key Data Protection Considerations When Moving to the Cloud

Mat Hamlin

Director of Products for Spanning by Dell EMC
Mat is the Director of Products for Spanning by Dell EMC. He is responsible for the overall direction and strategy for Spanning's suite of SaaS backup and recovery solutions. His career in technology spans five startups and two large organizations, all in Austin, TX. Mat started out in product support and training, then engineering leadership and for the past nine years has been focused on product management and product marketing. Prior to joining Spanning, Mat served as Sr. Product Manager for SailPoint Technologies and Sun Microsystems, contributing to their market-leading enterprise identity management solutions.

ThinkstockPhotos-535375621Get your pencils out. I have a pop quiz! First question: What three IT practices did you use to protect and control your on-premises data from your own employees, contractors, and partners?

If you said, identity and access management, data loss prevention and backup, and recovery you are correct! Using a combination of these three you can manage who has access to data, monitor and control what users are doing with the data, and recover from any mistakes, malicious behavior, misconfigurations or integration problems.

Question 2: How do your responsibilities for these change when you move to a SaaS application like Salesforce, Office 365, or Google Apps?

No, this is not a trick question. If you answered “They don’t change” you are absolutely correct! They don’t.

When you move from an on-premises application to a cloud-based application you are moving to a shared responsibility model where you are no longer responsible for application availability, intrusion detection, software reliability, disaster recovery, etc. The SaaS provider takes care of that but you are still responsible for protecting your data from your own people. (more…)

SUBSCRIBE BELOW

Categories

Archives

Connect with us on Twitter

Click here for the Cloud Chats blog