As the amount of data produced by businesses continues to grow rapidly – as do the threats from cybercriminals – then the need to protect that data also grows, and increasingly businesses are turning to data-protection-as-a-service for this.
Data has never been so important to businesses as it is now. The technology used by businesses now produces more data on every aspect of the running of a company than ever before, which can be used to improve how it runs and its profitability. This also means that it needs to be protected more than ever, as the number of cybercriminals continues to grow too.
Increasingly, businesses of all sizes are using data-protection-as-a-service (DPaaS) to keep their data safe. Research by IMARC Group found that the global market for DPaaS reached $25.5 billion in 2022, and this is anticipated to grow to $111.3 billion by 2028, showing the demand for it.
Dan Smale, senior service owner at Fasthosts ProActive, says this growth is largely driven by several factors. The first is growing data security concerns. “As the volume of data generated and stored by businesses continues to grow, there’s increasing concerns about data protection and compliance,” he says. “To address this, many people are turning to DPaaS as a convenient and effective way to ensure data is captured, stored and protected securely.
“Cyberattacks such as data theft or ransomware continue to grow in frequency and sophistication especially in the context of hybrid clouds and portable devices. Therefore, many businesses are looking to DPaaS to strengthen cybersecurity measures and safeguard valuable data. In these situations, DPaaS can also support with robust backup and recovery capabilities.”
He adds that the rise of digital transformation and many businesses moving more of their operations to the cloud is also growing the need for cloud-based data protection services.
Growing cost-efficiency pressures are also impacting. “Where businesses are continually looking to optimise IT budgets in a complex economic landscape, DPaaS can offer a cost-effective solution compared with maintaining on-site data protection infrastructure,” Dan says.
He adds that as data protection regulations continue to be strengthened, comprehensive data backups and recovery solutions, such as those offered by DPaaS, are essential to ensure compliance.
Ovi Gherghel, director cloud and cyber security, UK&I at Ingram Micro, notes that the cost of not having data protection can be staggering, potentially running into millions in terms of data recovery, regulatory fines and damage to reputation.
DPaaS can also save money, he adds. “DPaaS provides scalability, eliminating the need for large upfront investments in hardware and expertise. It’s highly flexible, adapting to evolving data needs and ensures data integrity and availability across diverse environments, including the cloud. Moreover, DPaaS leverages cutting-edge security measures and encryption, reducing the risk of data breaches. It’s a cost-effective, proactive approach to safeguarding data, making it a strategic choice for businesses in today’s digital landscape.”
Ovi adds that there is a growing emphasis on hybrid and multi-cloud strategies. “This allows organisations to balance performance, cost and compliance. Customers seek seamless integration and management across these environments.”
Adam Burns, director of security operations at Fortra, says that DPaaS solutions also offer seamless scalability, faster time to value and continuous updates and enhancements. “This ensures your data protection strategy always leverages the latest technologies,” he says. “Opting for a managed service approach further reduces overhead and provides businesses with the assurance that experts are continuously monitoring their data and identifying opportunities to further reduce risk.
“As we navigate the world of data protection, there’s a clear shift towards solutions powered by artificial intelligence and machine learning. Customers are increasingly seeking platforms that not only respond to threats but also predict and mitigate them in real-time.
“Resellers aspiring to tap into this market can do so through strategic partnerships with vendors like Fortra. By joining our partner ecosystem, resellers gain access to comprehensive training, equipping them to deliver value to their clients. Additionally, partners benefit from exclusive resources, and the opportunity to collaborate with industry leaders, ensuring continuous growth and strengthening market presence.
“The future of data protection is not just about reacting but proactively shaping secure digital futures.”
No one size fits all
Dan adds that DPaaS may look different for every business, and often they won’t need every product from the outset. “There are many different potential components to DPaaS, including data backup and recovery, data encryption, disaster recovery and data archiving, so understanding which are important to helping achieve the desired outcomes, and building a solution around this, is key,” he says.
“Resellers should be having meaningful conversations with customers to help them choose the right solution for their individual business. These should be consultative and focused on understanding the customer’s specific needs, challenges and goals.
“Some of the key topics and questions that resellers should address include: the current data environment, data criticality and business continuity, data growth and scalability, compliance and regulatory requirements, as well as recovery objectives.”
Neil Langridge, marketing and alliances director at e92plus, adds that the market for data security is complex. “While cybersecurity is growing well ahead of the rest of the IT channel, data protection is not accelerating at the same rate,” he says. “This is despite the huge challenge around managing and securing data from attacks, leakages and breaches, where it’s located in multiple locations and environments. From cloud apps to user devices, organisations now have disparate environments and increasingly face the challenge of external cybersecurity where their data is beyond their control, from digital supply chains and suppliers to social media.”
This complexity, allied to the skills gap in IT security and a reduced capacity for more complex projects in IT teams, especially in SMEs, means that passing the proactive management to partners is a “logical step,” he adds.
“This also enables partners to offer a more nuanced solution, with a focus on business outcomes and the integration of multiple vendor products. Data security and protection can’t be achieved purely from a single offering and can encompass multiple technologies. This can include encryption for data at rest, data classification to understand what’s important, securing data in transit, and finally data sharing and ensuring IP and information can be effectively shared with partners, customers or suppliers without risk.
“To identify these opportunities, it’s essential for partners to understand the risk posture of their customers, and where they have particular requirements – compliance, use of APIs, multiple digital supply chains, or wide use of data stored or accessed through third party cloud apps. Data can often be the source of value in an organisation and leveraging that can help drive competitive advantage – ensuring that any conversation around DPaaS is clearly focused on positive outcomes around data protection rather than just on the potential risk.”
Ovi adds that while resellers can tailor DPaaS solutions to their clients’ specific needs, they must also provide education and training to clients. “This ensures they comprehend the value and implementation of DPaaS,” he adds. “Building trust is paramount, as resellers should act as trusted advisors, helping clients navigate the complex landscape of data protection. By delivering value-added services, resellers can foster long-term relationships and thrive in the DPaaS market.
“Resellers engaging in DPaaS discussions with customers should focus on understanding the specific needs and priorities of the end customer. These conversations should revolve around data protection requirements, compliance obligations, and recovery objectives. Resellers should inquire about the volume and criticality of data, as the right DPaaS solution often depends on these factors.
“It’s essential to discuss pricing models, like per-user or per-gigabyte, to align with the customer’s budget and usage patterns. Highlighting the flexibility and scalability of DPaaS can also be valuable, as it allows customers to adapt as their needs evolve. Ultimately, the goal should be to tailor the DPaaS solution to match the customer’s unique circumstances, ensuring they receive the most effective and cost-efficient data protection solution.”
Charlie Smith, consultant solutions engineer at Barracuda Networks, notes that as customers have more data deposited in the cloud, it becomes a natural progression that if the data is sitting in, for example, Microsoft 365, it doesn’t make good business sense to backup all that data and pull it to an on premise backup server because if there is a ransomware attack or something that takes out the local infrastructure, it puts all the cloud backup data at risk as well. “We’re seeing a trend for customers moving into the SaaS world of backup,” he says. “There’s a shift in the market segments too; more SME businesses are shifting to cloud backup because they have smaller IT footprints.
“For them to copy data from either their on-premise environment or cloud repositories into a cloud backup is quite easy. It’s a bit of a no brainer because a lot of the billings are now monthly or annual subscriptions, which makes management much easier. If you’re a small business and you’ve got a couple of guys working in IT, they’re already probably maxed out doing day to day IT tasks like setting up printers. If they can offload the responsibility of doing all the backups because it’s all been set up in a cloud repository and is just running in the background, then it makes their lives much easier.
“The big benefit of cloud backup is that it’s disconnected from the on-premise environment. As we’re living in a world where ransomware and malware attacks happen daily for a lot of businesses, it takes away some of that risk by having the data held somewhere completely separated from their local environment.
“At Barracuda, we sell all our products like products; it doesn’t matter if we’re selling an on-premise backup appliance or cloud to cloud backup subscription, the partner gets margin, the same as they would if they were selling a physical product.”
Alasdair Anderson, VP at Protegrity, adds that resellers and customers need to be aware of data residency legislation, especially for businesses that trade and operate internationally. “Certain information must not leave a country and we’re seeing is more borders and barriers that we just haven’t dealt with since probably the Cold War,” he says.
“We’ve been moving information freely for years, and now we must think about a passporting arrangement where we must show the credentials to make sure that we’re not doing anything illegal. That is one of the most challenging things when people look at data protection, data privacy, and managing data appropriately. The governance, management and audit of information that is getting used across their global businesses.”
Again, this means that DPaaS solutions must be customised. “You might want to have a global infrastructure, but you must have local implementations because there’s different nuances within all nations’ rules,” he explains. “In some countries you might be able to get away with just data masking, whereas in others you’re looking at a full anonymisation or perhaps you can’t even use the data, you have to use synthetic data. That challenge matrix, and the solutions that answer those challenges by geographies and verticals is where the business is there to be done.”
Defence in depth
But above all, Katie McCullough, CISO at Panzura, says DPaaS is about a defence in depth strategy. “There are too many subtleties and attack vectors, and you can’t always know what the new one is going to be,” she says. “All those things can be variable in your environment, and you don’t even know what some of your business units are going to do to, unfortunately, inject risk into your environment. If you don’t have a defence in depth strategy at all layers of your infrastructure, data and applications, you’re going to have blind spots.”
She adds that businesses with multiple locations, perhaps across countries, must share data across those locations nearly in real time and therefore should have technology that helps facilitate that and make sure you’re using technologies that provide the fastest backup and restoration.
“But there’s so much beyond just detection and protection,” Katie adds. “You must be testing your data, the restoration, the ability to restore data, certainly at a file level, but also at a complete file system level and incorporating that testing on a regular basis is core to any kind of service. Customers are asking for that more and more.
“There’s just so much data: you must have insights into that data to make sure you know where it’s at, to make sure you know how to control it, compress it and dedupe it. We’ve got to continually advance the technology to make sure we’re keeping those costs where the customer needs it to continue for them to be profitable, but also give them the insights that they need about the data, whether that’s business requirements or just protection of the data.
“It’s not just an IT conversation anymore. You must talk to application owners, business owners, about how they’re using their data to grow the business, but also what are the things that they’re concerned about with it? Is it intellectual property? Customer information? It’s understanding their business and data. We found that working with their users and understanding how they’re using the data has been the most advantageous for us.”