Strong IT organizations don’t just have well defined data protection policies. They have the tools and operations in place to implement them. However, even the most effective backup and data protection teams struggle to stay ahead of massive, daily data proliferation.
While a good part of the struggle is just managing large data volumes, a new culprit is entering the scene: the emergence of new data generators and the storing of data in new application types.
These new data generators are just too convenient and worthwhile to go away. That means organizations committed to data protection and cyberattack resiliency will have to get ahead of them and develop new backup strategies.
New Data Generators Running Under The Radar
While the bulk of data is still stored on an organization’s traditional on-prem or cloud infrastructure, this is changing. Widespread usage of SaaS applications, the emergence of IoT devices in business operations, and the growth of endpoints represent not just new data generators, but, more importantly, data that is frequently left unprotected.
1. Data from SaaS Applications
Enterprise-scale organizations tend to have 300 SaaS applications in-use and spend $4.5 million on annual SaaS subscriptions. However, it’s not just the proliferation of SaaS applications but the business value of data stored within them that really matters.
Consider an organization’s marketing and sales CRM solution. Everything from customer contact information, key account stakeholders, deal amounts, contracts, product usage data, and conversation histories are saved in 3rd party applications’ cloud servers. That’s critical data that cannot be lost.
It’s no surprise that Veeam recently announced support for backing up Salesforce data. And, that venture capitalists are putting significant money behind backup software like OwnBackup that supports Salesforce and Service Now backup and recovery.
But this is just the tip of the SaaS data protection iceberg. These are all extremely nascent solutions which means the bulk of critical SaaS data continues to stay unprotected.
2. Data Collected & Stored In IoT Devices
Just last year, there were more than 10 billion active IoT devices. On top of that, data generated by IoT devices is expected to reach over 73 Zettabytes by 2025.
Enterprise organizations are not alone, adopting IoT solutions to simplify data collection and daily operations. However, the data collected represents what Druva CTO Stephen Manley calls “small data sprawl.” That is, data is stored everywhere, from the individual devices that collect it to every part of the IT infrastructure pipeline where it is moved and stored.
3. Endpoint Devices
The amount of corporate data on endpoint devices is doubling every 18 months, largely driven by the growth in remote or hybrid workers and new norms around “Bring Your Own Device” (BYOD) options.
However, endpoints are often one of the weakest links in cyberattack programs. According to IDC, 70% of breaches start from endpoint devices.
Despite this, many organizations still focus exclusively on backing up data from on-prem or cloud servers. Endpoints are not part of their backup policies. In fact, 42% of backup administrators report that implementing endpoint backup protections is something they anticipate tackling three to five years from now.
On the upside, endpoint backup software is in a more mature space than SaaS or IoT backup solutions, with everyone from Druva and Commvault in the enterprise space down to Carbonite in the SMB space offering options. This will enable organizations ready to secure these vital data sources a variety of ways to do so.
The Implications Of Not Backing Up This Data
What happens when data from endpoints, SaaS solutions, and IoT devices is not backed up? The same key issues that happen when any data within an organization is not backed up:
1. Non-Compliance – Whether it’s internal auditors or external government regulators, most enterprise organizations are accountable to backup compliance guidelines. These guidelines govern all data, not just data produced from traditional or legacy sources.
While data from these sources may not be on regulators’ radars right now, it will. When that happens, organizations will be expected to produce the same data protection reports that they have historically produced for cloud and on-prem backup data. Organizations not thinking about this today will be one step behind.
2. Diminished Data Resiliency – When data isn’t backed up, there’s nothing protecting it from cyberattacks, natural disasters, or other major events. Critical data will either be lost forever, or organizations will have to contemplate spending millions in ransomware fees.
The rise in cyberattacks, and the innovative tactics used to penetrate IT infrastructures, makes this scenario almost inevitable. Enterprise organizations must assume data restoration events will be needed, and that those recovery events will apply across data sources.
In sum, organizations actively working to stay compliant and build strong data resiliency throughout their IT infrastructure must take these data generators into account. If not, there will always be data protection holes within their daily operations.