Think your vendor is protecting your data? Think again

For many of us, the last time we were physically together in an office was in early March. That’s nearly half a year ago. In that time, we’ve battled with the challenges of remote working, the strain on the economy and the biggest challenge of all, the health implications of this pandemic. Perhaps a less obvious challenge that businesses have faced is the increased threat of cyberattacks. The cybersecurity landscape has shifted significantly over the past six months. Not only have we seen a rise in cybercrime, but we’ve seen attackers looking to capitalise on our fears and leverage vulnerabilities in our dispersed data.
To add to this, as of the end of July, Salesforce officially placed the onus of all data protection and recovery services onto its customers. Having announced it has officially retired its current offering, customers need to act fast, or risk finding themselves in a vulnerable situation. Taking their lead, I want to take this moment to set the record straight and remind businesses that actually, the vast majority of vendors do not offer data protection as part of their guaranteed services.

One size doesn’t fit all

Unsurprisingly, Salesforce is not the first – nor will it be the last – company to do this. If you take a closer look, you’ll quickly find that there are very few SaaS vendors offering any kind of solution that could be defined as actual data protection. But, when looking at Salesforce, it’s fair to say that its data recovery service was never intended to be an all-encompassing solution for data recovery and protection, nor was it intended to sit on the front line to defend against maliciously or accidentally modified records.

However, what vendors like this tend to do is offer you features that mimic backup, but don’t actually meet the basic definition of it. G-Suite and Microsoft365 are commonly known and popular tools, so it is fair that many would assume these to be the safest ones around. This is a false assumption. Whilst each might be great at restoring old versions of a document or removing accidentally deleted items out of the recycle bin, they’re not so good at restoring files that could have been maliciously tampered with, and completely unable to respond to a major attack. In essence, Microsoft365’s and G-Suite’s inherent protections ignore the foundational rule of storing backups on a separate platform, and lack the sophistication or urgency that modern businesses require when such an attack takes place. This means that IT professionals are tasked with handling some of the most significant data protection gaps out there. For businesses that want the additional peace of mind that their data is safe, you need to find a backup solution that automates backups regularly and stores backups outside the system being protected.

The countless examples of cyberattacks we’ve witnessed over the past few months should give everyone a good reason to pause and consider if relying on first party vendors only is the right thing to do. Remember, in applications like Microsoft365, it’s going to be a laborious and time-consuming task to recover all of the deleted files. Why not save your team some time, enhance workplace productivity and minimise the risk of vulnerabilities now.

Navigating a complex landscape

Data has become the beating heart of each and every organisation over the past six months. This isn’t to say it wasn’t valuable and relied on before, but it’s importance has certainly increased as a result of COVID-19, so we need to protect it.

Whilst Salesforce has been known for offering “Data Recovery” at the price of $10,000, the responsibility in many ways still fell on the organisation to download and save all CSV files that you wanted to protect. Even then, this process could take anywhere from six to eight weeks to complete, and Salesforce was well aware that this offering wasn’t the safest, nor was it the most reliable. In retiring their offering, they have opened up a door to businesses to replace their offering with an all-encompassing data protection solution.

With data at the heart of our working lives, once the heart stops beating, it’s game over. Businesses need to resuscitate their data protection and data backup programmes now and put some life back into them. Time is of the essence and with threats increasing by the day, it is time to take a leap of faith, and protect yourself.

Contributed by Curtis Preston, chief technical evangelist at Druva


The post Think your vendor is protecting your data? Think again appeared first on IT Security Guru.