All you need to know about DMaaS and BaaS for today’s complex cloud environments.
Data Management as a Service (DMaaS) is a Software as a Service (SaaS) offering designed to provide enterprises with a radically simple way to back up, secure, govern, and analyze their data.
Cohesity recently made available in Asia Pacific its BaaS portfolio, which aims to provide customers with another simple way to back up and recover data so IT staff can focus on core disciplines like accelerating digitalization for their businesses.
For the Asia Pacific region, Cohesity takes care of managing the underlying DMaaS infrastructure, hosting the offerings on Amazon Web Services (AWS). CybersecAsia finds out more about cloud backup, recovery, governance and security from Sathish Murthy, Director of Systems Engineering, Cohesity ASEAN/India.
What is Backup as a Service (BaaS) and what benefits does a cloud-based backup offer?
Sathish Murthy (SM): BaaS is a SaaS backup solution that gives customers another easy way to back up their data on-premises or in cloud environments, including workloads like Microsoft 365, Amazon Elastic and Amazon RDS, or on-premises data sources such as virtual machines, NAS, and databases.
This helps organizations because it means the underlying infrastructure is managed for them, with the service hosted on AWS. BaaS simplifies data protection by unifying backup data across hybrid and multi-cloud with a single interface. It provides a secure and efficient way to protect and consolidate your backup data in one place, in the cloud.
After you have your organization’s data backed up and collected in the cloud, you can glean more value from other DMaaS services like analytics, data governance, or development and testing features.
Why should organizations be isolating their data or data backups, and how can they do this to improve their security posture?
SM: Data isolation and recovery to protect against ransomware, disasters, or bad actors, is not a new concept. Many organizations may already be employing a variety of methods including shipping magnetic tapes offsite or deploying and maintaining remote clusters at parallel infrastructure.
However, both these methods are complex, time-consuming, costly and error-prone.
Restoring from tape, in particular, is seldom able to meet strict recovery SLAs. A SaaS-based data isolation solution, like that of Cohesity FortKnox, simplifies this complexity by providing a modern and relevant way to isolate data in the cloud, which minimizes attack surfaces and improves recovery time SLAs. Additionally, they also help improve ransomware response and recovery preparedness by identifying clean copies of data to minimize the risk of reinfection.
What is the benefit of having data isolation via the cloud instead of tape-based data isolation?
SM: In the cloud era, maintaining data isolation is more challenging due to the complexity of the cloud, the ambiguity in defining failure domains, and the dynamic nature of bringing in new workloads.
SaaS data isolation capabilities help customers improve cyber resiliency by providing an isolated and immutable copy of data in a vendor-managed cloud vault, which organizations can utilize to recover confidently from attacks.
With a SaaS-based solution, organizations can access an ‘as a service’ offering to vault their data, and even run drills from that isolated environment. This helps simplify and bring operational savings to customers because it allows for OpEx funded data isolation instead of CapEx, while the added ransomware detection and data isolation can help enhance the protection customers have for workloads that they haven’t previously vaulted.
In the case of FortKnox, we also provide organizations with an operationally air-gapped copy of data that is tamper-resistant and isolated from ransomware attacks or bad actors.
How can SaaS-based offerings help organizations better manage and protect their data?
SM: For every organization, the management and protection of their data should be an operational imperative. Data management and data protection doesn’t simply mean only knowing what types of data they have – which is a much harder task than many organizations realize – or backing it up; it means understanding your data footprint, where data is housed, how it is protected, if it’s recoverable should a disaster like a ransomware attack occur, and how fast it can be recovered.
The problem is that many organizations rely on legacy data management technology that was primarily developed in the 20th century and not designed to solve the IT and cyber threat challenges of today. Legacy technology causes problems for organizations because it was not designed to integrate with modern IT infrastructure or third-party security solutions, is not able to share security protocols, often requires a costly DIY approach to be taken in managing data, and it results in data silos that create not only an expanded attack surface, but a hard-to-see or invisible attack surface.
Organizations need next-gen data management capabilities that deliver the unique combination of simplicity at scale, alignment with zero trust security principles, AI-powered insights, and 3rd-party extensibility. Together, the integration of these elements allows organizations to address the complexity, inefficiency, cost, and risk, of managing data with legacy solutions, and helps unlock limitless value from data.
Any other tips or recommendations for organizations looking to manage their constantly growing data and cyber risk?
SM: Based on our observations, here are five best practices that organizations and leaders can adopt:
- Accept & embrace your data proliferation: Increased technology adoption, accelerated by the pandemic, has resulted in excessive data generation that IT and security teams must now get a handle on to adequately manage, govern, protect, and benefit from it.
- Review & revise your data policies and management approach: Consider how you are collecting, governing, managing, storing, protecting, and backing up data. Relying on the way data has always been managed, and with legacy data management technology, isn’t enough in today’s cyber threat environment. Work backwards from the outcome you are looking to achieve and review your data management technology based on its next-gen capabilities.
- Invest in immutable backup technology: Invest in data management technology that has immutability baked in and not added as an afterthought. Immutable backups and their data cannot be modified, encrypted or deleted, making them one of the purest ways to tackle ransomware as they ensure the original backup job is kept inaccessible.
- Adopt the 3-2-1 rule to backups, and consider a +1: Under this rule, you must have at least three copies of your data, store the copies on two different types of media, and keep one backup copy offline or offsite. This simple approach means you will always have an available and usable backup of your data and systems. Offsite and offline backups not only limit the effects of ransomware but help to maintain business continuity. However, now it’s time to consider going beyond by adding a +1 to the 3-2-1 rule by leveraging data isolation solutions that provide an isolated and protected backup that can be quickly restored from (they may be more cost effective too).
- Test & test again: You may already have a backup schedule, you may have implemented the 3-2-1 rule, and even immutability; however, testing the implementation of these solutions and best practices and how long it will take to recover from your backup is vital.