Industry executives and experts share their predictions for 2024. Read them in this 16th annual VMblog.com series exclusive.
2024 IT Predictions Revealed: SaaS Data Needs To Be Better Protected
By Subbiah Sundaram, SVP, Product at HYCU
As we start the New Year off, we would be remiss if we didn't
share our predictions on what challenges our customers and partners are facing,
and what impact each of these challenges has on the ways they address IT
management, data protection and data security. These are based on what our own
customers and partners are sharing, and are relevant for the broader IT
industry.
With the average enterprise having over 217 SaaS applications in
addition to their Public Cloud Services and on-prem services, there is no
wonder customers are thinking hard about how to keep themselves and their data
protected.
1. SaaS
Protection Moves Into the Top Ten Challenges Facing IT: While the continued rise of SaaS apps, more than 30,000
available worldwide, and their use in most enterprises continues unabated,
issues around compliance, regulatory requirements, and the ability to recover
in light of simple human error or deletion are becoming more than just
mainstream concerns. Also, considering recent reports where more than half of
successful ransomware attacks occur through SaaS applications, it will become
imperative for organizations to make sure they have both a way to protect and
recover SaaS application data in the inevitability of data loss.
2. The Shared
Responsibility Model as we Know it Will Continue to Evolve: Much as the Terms of Service of many SaaS application and
software vendors has taken on the shared responsibility common in cloud use.
This model will continue to evolve as vendors remain responsible for the
security, availability, and support for the services of their infrastructure,
and users remain responsible for data protection and recovery. We need to
tackle the shared responsibility model, where SaaS vendors provide the service
but relinquish responsibility for data protection and recovery. Recognizing
this, and acting upon it, is crucial for averting a potential SaaS data
apocalypse.
3. The Use of
Artificial Intelligence and LLMs Will Stretch IT Security: No one argues that AI is here, and here to stay. However, the
amount of new data that AI creates will require new ways to manage it. This is
also true for the number of new applications including SaaS that are created
using AI and associated tools and solutions. The one constant throughout the
growth of this new data source is that like many SaaS applications in existence
today, there are fewer than a handful of solutions available to protect and
recover the varied data sources at enterprise-class scale. The acceleration of
AI coupled with the rate of delivery of new SaaS services will also focus IT on
regaining control of modern IT environments through proactive management and
visualization. Knowing what you need to control and manage starts by understanding
what you have in your IT environment. And, you will see innovative uses of AI
to do this.
4. Regulatory
and Compliance Will Drive The Need for SaaS Protection: As new requirements emerge and older ones take on renewed focus
like The Network and Information Security 2 (NIS2) Directive in the European
Union (EU), cybersecurity reporting and the need to ensure data is protected
and compliant will gain momentum. This is not just true for regulations in the
EU but extends to emerging requirements in the United States and other
countries. In the US, The Securities & Exchange Commission's (SEC) new
Regulation S-K Item 106, which went into effect December 2023, requires details
on the policies and procedures to identify and manage cybersecurity threats
including operational risk, intellectual property theft, fraud, extortion, harm
to employees or customers, violation of privacy laws and other litigation and
legal risk, and reputational risk. For publicly traded companies, they will
need to not just leverage existing frameworks and best practices for risk
management, such as the NIST Cybersecurity Framework and the IEC 62443
Standards but establish best practices and processes to address data protection
and recovery in light of these requirements. There are also implications to
whom is ultimately liable if necessary, requirements are not put in place
leading to broader individual exposure at executive levels making the need for
better SaaS protection personal.
5. It's Not a
Matter of If, but When AND Where: With the
rise of ransomware attacks hitting more companies than ever before, and the
frequency of attacks shrinking from every 11 seconds to every six and predicted
to be at every two seconds by 2030, there is ultimately no way to prevent them
from happening. The focus then shifts on if it's possible to recover any, and
hopefully, all data that has been compromised due to an attack, without having
to pay a ransom for it. And, with the number of sources of attacks rising from
traditional infrastructure exposures to SaaS apps to generative AI, the ability
to know where specific exposure points are and how to observe where data may be
left unprotected will become a new focus beyond just throwing more resources
and money at prevention and detection. There will be significant advances in
visualizing data across locations, and source, to help IT departments better
manage their IT resources and ensure no data is left unprotected or exposed in
the event of an attack, or even simple human error.
We'd love to hear what you think. Any predictions you think we
missed? Let us know and we'll share a best of the best of additional items in a
future blog.
##
ABOUT THE AUTHOR
Subbiah Sundaram is the SVP, Product at HYCU. Subbiah
spearheads product management, product marketing, alliances, sales engineering,
and customer success with more than 20 years' experience delivering
best-in-class multi-cloud data protection and on-premises solutions. A Kellogg
Management School MBA graduate, Subbiah has worked with leading companies such
as EMC, NetApp, Veritas, BMC, CA, and DataGravity.