Data Protection for SaaS – Why it is needed?

Saurabh Singh & Shashanka SR

Technical Marketing Engineer, Cloud BU, Netapp Inc

25th May, 2017

© 2017 NetApp, Inc. All rights reserved. --- NETAPP CONFIDENTIAL --- 1

© 2017 NetApp, Inc. All rights reserved. 2

The Taxi Vs Self-Owned Car Analogy

Agenda

1) SaaS Application – What comes to your mind?

2) On-Premise Data Protection Strategy

3) SaaS Application Data Protection

4) How to evaluate a Backup/Recovery Solution for your SaaS provider?

5) Integrating to a SaaS application platform

6) Demo

© 2017 NetApp, Inc. All rights reserved. 3

4

SaaS Applications – What comes to mind?

© 2017 NetApp, Inc. All rights reserved.

5

,

“Although Salesforce does maintain backup data and can recover it, it’s important to

regularly backup your data locally so that you have the ability to restore it to avoid

relying on Salesforce backups to recover your data.”

----Salesforce Help

Microsoft advocates to take backup of your O365 data for your own peace of mind.

Know More

Backup goes back to maximum 30 days. Need to contact Servicenow support to recover any data.

For longer retention of purged data, need to have Gvault or external backup.

Your Data is Your Responsibility

On-Premise Data Protection Strategy

© 2017 NetApp, Inc. All rights reserved. 6

Pros

Administrative Control

Flexible RPO/RTO

Multi-Layered Data Protection

Self - Controlled IT Infrastructure

Requirements

Backup Infrastructure

Operational Overheads and Expenses

On-Premise Data Protection

7 © 2017 NetApp, Inc. All rights reserved.

SaaS Applications Data Protection

© 2017 NetApp, Inc. All rights reserved. 8

What SaaS Data Protection means? What are different aspects of SaaS Data Protection?

Defence in Depth

Break Detection & Prevention

SIEM – Security, Information and Event Management

Privacy Security Availability Regulatory Compliance

• Broader

• Notice/Consent

• Openness

• Relevance

• Regional

• Sensitivity

• Content Limits

Application Design & Architecture

Design for Performance

Graceful Exits,

Instance Isolation

Service Level Agreements

Uptime Guarantees

Maintenance & Outage Management

Contractual Obligations

Indemnification Clause

Global Legal Compliance

Local Regulatory Laws

SOX

SEC

HIPAA

FedRamp

Audit Compliance framework

© 2017 NetApp, Inc. All rights reserved. 9

Backup/Recovery

Organizational RPO/RTO

Data Retention

Restore Granularity

Flexible Recovery Points

What drives you to backup Data?

Accidental Deletes by users

Use of 3rd Party Applications

Malicious Intent

New Configuration and Deployment

SaaS platform issues like Database corruptions and Storage Failures

Ransomware/Virus Attack/Hackers

What could cause a Data Corruption or Loss in the SaaS world?

© 2017 NetApp, Inc. All rights reserved. 10

Victim Demographics How many Data Breaches Happened? How many of it resulted in Data Loss?

http://www.verizonenterprise.com/resources/reports/rp_DBIR_2016_Report_en_xg.pdf

© 2017 NetApp, Inc. All rights reserved. 11

362 44 4 9 254

2,707 1,368

166 1,028 1 171 11 17 916

47,237

11 370 15 31 24

9,453

0

5000

10000

15000

20000

25000

30000

35000

40000

45000

50000

BR

EA

CH

CO

UN

T

INDUSTRY

Industrywise Data Breaches

282

18 1 4

29 38

795

115

194

0 37

7 11

53

193

5

182

4 15 7

270

0

100

200

300

400

500

600

700

800

900

DA

TA

LO

SS

INDUSTRY

Breach Causing Data Loss

How SaaS Application Backup Data?

Keeping Multiple Copies of the Data

Weekly full redundant backups

Daily incremental backups

Backup retention for a limited period

RPO and RTOs

Regulatory Compliances

Out of the box Backup & Recovery offered by SaaS providers

12

It’s designed for Service Availability issues.

© 2017 NetApp, Inc. All rights reserved.

No customer centric backup solution

Backup Data Retention

Unreasonable RPO and RTOs in case of a Data Loss

Restore Granularity

Cost associated with recovery

Meeting Compliance Requirements

SaaS Backup & Recovery – What is lacking? Issues with SaaS Application provider Data protection Strategy?

© 2017 NetApp, Inc. All rights reserved. 13

Evaluate a Data Protection Solution for your SaaS provider?

© 2017 NetApp, Inc. All rights reserved. 14

Ask the right questions?

Cost

Flexible RPO/RTO

Data Security – Both In-flight and At Rest

Meeting Security Standards and Compliance

Self-hosted Vs SaaS/Managed Backup application

What questions you should ask while finalizing on a SaaS data protection solution?

© 2017 NetApp, Inc. All rights reserved. 15

Ease of use

Restore Granularity

Multi-SaaS vendor Support

Backup Retention

Criticality of the Data

Integrating to a SaaS application platform

© 2017 NetApp, Inc. All rights reserved. 16

Considerations for Integrating to SaaS platforms

Understanding the SaaS application workflows

Understanding the Platform Layout

Authentication Mechanism

Protocol used (Usually OAuth 2.0)

OAuth endpoint

Data Model

APIs Exposed by the SaaS platform

API limits for the Platform

© 2017 NetApp, Inc. All rights reserved. 17

Demo

© 2017 NetApp, Inc. All rights reserved. 18

19

Thank you.

© 2017 NetApp, Inc. All rights reserved. 20