As we start the New Year off, we would be remiss if we didn’t share our predictions on what challenges our customers and partners are facing, and what impact each of these challenges has on the ways they address IT management, data protection and data security. These are based on what our own customers and partners are sharing, and are relevant for the broader IT industry.
With the average enterprise having over 217 SaaS applications in addition to their Public Cloud Services and on-prem services, there is no wonder customers are thinking hard about how to keep themselves and their data protect.
SaaS Protection Moves Into the Top Ten Challenges Facing IT
While the continued rise of SaaS apps, more than 30,000 available worldwide, and their use in most enterprises continues unabated, issues around compliance, regulatory requirements, and the ability to recover in light of simple human error or deletion are becoming more than just mainstream concerns. Also, considering recent reports where more than half of successful ransomware attacks occur through SaaS applications, it will become imperative for organizations to make sure they have both a way to protect and recover SaaS application data in the inevitability of data loss.
The Shared Responsibility Model as we Know it Will Continue to Evolve
Much as the Terms of Service of many SaaS application and software vendors has taken on the shared responsibility common in cloud use. This model will continue to evolve as vendors remain responsible for the security, availability, and support for the services of their infrastructure, and users remain responsible for data protection and recovery. We need to tackle the shared responsibility model, where SaaS vendors provide the service but relinquish responsibility for data protection and recovery. Recognizing this, and acting upon it, is crucial for averting a potential SaaS data apocalypse.
The Use of Artificial Intelligence and LLMs Will Stretch IT Security
No one argues that AI is here, and here to stay. However, the amount of new data that AI creates will require new ways to manage it. This is also true for the number of new applications including SaaS that are created using AI and associated tools and solutions. The one constant throughout the growth of this new data source is that like many SaaS applications in existence today, there are fewer than a handful of solutions available to protect and recover the varied data sources at enterprise-class scale. The acceleration of AI coupled with the rate of delivery of new SaaS services will also focus IT on regaining control of modern IT environments through proactive management and visualization. Knowing what you need to control and manage starts by understanding what you have in your IT environment. And, you will see innovative uses of AI to do this.
Regulatory and Compliance Will Drive The Need for SaaS Protection
As new requirements emerge and older ones take on renewed focus like The Network and Information Security 2 (NIS2) Directive in the European Union (EU), cybersecurity reporting and the need to ensure data is protected and compliant will gain momentum. This is not just true for regulations in the EU but extends to emerging requirements in the United States and other countries. In the US, The Securities & Exchange Commission’s (SEC) new Regulation S-K Item 106, which went into effect December 2023, requires details on the policies and procedures to identify and manage cybersecurity threats including operational risk, intellectual property theft, fraud, extortion, harm to employees or customers, violation of privacy laws and other litigation and legal risk, and reputational risk. For publicly traded companies, they will need to not just leverage existing frameworks and best practices for risk management, such as the NIST Cybersecurity Framework and the IEC 62443 Standards but establish best practices and processes to address data protection and recovery in light of these requirements. There are also implications to whom is ultimately liable if necessary, requirements are not put in place leading to broader individual exposure at executive levels making the need for better SaaS protection personal.
It’s Not a Matter of If, but When AND Where
With the rise of ransomware attacks hitting more companies than ever before, and the frequency of attacks shrinking from every 11 seconds to every six and predicted to be at every two seconds by 2030, there is ultimately no way to prevent them from happening. The focus then shifts on if it’s possible to recover any, and hopefully, all data that has been compromised due to an attack, without having to pay a ransom for it. And, with the number of sources of attacks rising from traditional infrastructure exposures to SaaS apps to generative AI, the ability to know where specific exposure points are and how to observe where data may be left unprotected will become a new focus beyond just throwing more resources and money at prevention and detection. There will be significant advances in visualizing data across locations, and source, to help IT departments better manage their IT resources and ensure no data is left unprotected or exposed in the event of an attack, or even simple human error.
We’d love to hear what you think. Any predictions you think we missed? Let us know and we’ll share a best of the best of additional items in a future blog.
Interested in learning more?
- Unlock R-Graph for your customers to visualize what needs to be protected
- Learn more about how to protect against Ransomware with R-Score
- Be sure to watch our NIST Framework 2.0 webinar