2020 is here, and nothing says the New Year is here for the technology community like a set of IT predictions. Not wanting to miss out on the fun, I’m putting on my prognosticator’s hat and jumping into the fray with a few thoughts on what we can expect this year in terms of SaaS, cloud, data protection, and disaster recovery (DR).
The problem of protecting SaaS data will become even more acute
SaaS is growing fast. Gartner estimates that SaaS global revenue will grow 18.5% over last year to $94 billion in 2019, and by 2022, it will grow another 53% to $143.7 billion. If you need further proof, research from Okta notes the number of SaaS applications that large organizations use grew by 68 percent from 2017 to 2018.
Unfortunately, most organizations think they don’t have to protect SaaS data. A recent study from 451 Research shows that nearly three-quarters of all organizations either rely on the vendor to protect their data or they have no protection at all. And while the vendor does usually protect data against catastrophic infrastructure failure or breach, if your VP of sales accidentally deletes an important email, your SaaS provider won’t likely be able to help you recover it.
I expect to see IT professionals increasingly come to realize the risk they run by not protecting SaaS data and start taking measures to mitigate it.
IT and courts start working out details of CCPA and GDPR
The EU’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA – which goes into effect next month) and other recently enacted laws regulating individuals’ data determine everything from where data may be physically stored and how it’s secured to when organizations must delete personal data upon request.
For the most part, the regulations are clear, but there are areas of ambiguity, and they’re important.
Regarding the right to be forgotten, GDPR states that organizations must delete individuals’ data should they request it, but how far does that requirement go? Does an organization have to delete information stored in backups? That’s an expensive, cumbersome and potentially impossible requirement. Even if one is able to determine every backup file that contains an individual’s data, it’s unclear how it could be removed without destroying the integrity of the backup file, which is likely heavily compressed and deduped.
As for CCPA, once the law goes into effect, there are many questions that need to be addressed. For example, while GDPR expressly says that organizations do not need to delete data about deceased individuals, CCPA is silent on this issue. There’s also some confusion about who qualifies as a “business” and a “third party.” It’s important to know because each category has different responsibilities.
In 2020, the courts and, potentially, revised laws will make some significant progress in clarifying these issues.
IT pros and CIOs increasingly rely on experts to leverage cloud for backup and DR
Backup and, to a lesser extent, DR were among the very first use cases for the cloud. After all, it’s not terribly hard to point your systems to place backup files in S3, Azure Blob Storage or any of the other cloud storage services. Boom — you’ve got an offsite copy of your data, ticking that item off your checklist.
But while backup is easy, recovery is hard. And unless you’ve got someone on staff with specific cloud expertise (unlikely unless you work at a very large company, given how highly coveted and expensive people with these skills are) you may have a difficult time getting your data back when you need it. Sure, individual items shouldn’t be too hard to restore, but if you’ve had an entire server go down, the situation becomes much more complex.
DR is even worse, because cloud networking and access are totally different from traditional environments. Without very specific cloud skill sets around AWS or Azure, you’re probably not going to be successful with a DR strategy of failing over into a hyperscale cloud.
Don’t get me wrong. The cloud is an incredible resource for backup and DR. But both require expert assistance to ensure smooth recoveries. In the coming year, as more organizations get burned by trying to recover from cloud backup and DR on their own, we’ll see more organizations relying on third parties to help manage their offsite backup and DR with the cloud.
Want to learn more about how OffsiteDataSync can help your organization with data protection and DR?