Why Cloud Data Protection Is a Core Business Requirement

The more we advance and become smarter and more efficient through new technology, the greater the opportunity for IT to inadvertently fall out of alignment with business goals. By this I mean, technology simplifies things, so users have the opportunity to bypass IT involvement and set up new processes which start driving part of the business. The downside is if you don’t have systems in place to protect these new processes, they become adopted without the benefit of protection around it.

Contributed Article: Time for a New Conversation On Cloud Data Backup

Niels Van Ingen, Keepit’s Chief Customer Officer, has contributed a blog post on how cloud backup is essential for protecting business data and ensuring continuity.

This conversation revolves around how cloud data protection is a must-have for any organization: protection that is secure, reliable, and accessible from anywhere. Van Ingen, a veteran of the data protection and management space, provides insight on this imperative. 

What he refers to as a “wild west” mentality, he sees there is a lack of holistic data security planning which can lead to profound consequences for enterprises. Van Ingen shares how businesses should frame the discourse around cloud applications to safely manage the ever-growing dependence on them and the data they produce to minimize (or in some cases eliminate) business disruption. 

Read the full article “The Business Case for Data Backup and Recovery” from Disaster Recovery Journal here

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Keepit
At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud Keepit is a software company specializing in Cloud-to-Cloud data backup and recovery. Deriving from +20 year experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.

What Is the NIS2 Directive?

On November 10, 2022 (published on 27 December 2022), the EU Parliament adopted new legislation (the NIS2 Directive) to strengthen EU-wide cybersecurity resilience which includes, among other requirements, a crystal-clear requirement for backup and disaster recovery.

The Network and Information Security Directive (NIS2) is a response to the increased exposure of Europe to cyberthreats and the fact that the more interconnected we are, the more we are vulnerable to malicious cyber activity. The regulators hereby set consistent rules for companies and ensure that law enforcement and judicial authorities can work effectively and raise the awareness of EU citizens on cybersecurity.

Keepit supports the EU initiative on protecting our digital infrastructure, our sensitive business data, as well as our personal data.

What Is the Purpose of the NIS Directive?

In comparison to the first NIS directive, the purpose of the NIS2 Directive is to expand the requirements and sanctioning of cybersecurity to harmonize and streamline the level of security across member states—and with tougher requirements for several sectors.

The European Parliamentary Research Service (EPRS), in a briefing on the NIS2 Directive, tells that due to the fact that cyberattacks are quickly growing in number worldwide, as well as increasing in scale, cost and sophistication, “the Commission has submitted this proposal to replace the original NIS Directive and thereby strengthen the security requirements, address the security of supply chains, streamline reporting obligations, and introduce more stringent supervisory measures and stricter enforcement requirements.”

So what has lead to the need for more requirements? According to the WEF Global Risks Report 2023, it is because:

The ever-increasing intertwining of technologies with the critical functioning of societies is exposing populations to direct domestic threats, including those that seek to shatter societal functioning.

Who Does NIS2 Apply To? Which Sectors and entities?

The directive applies particularly to two categories, with those two being “essential” entities and “important” entities. 

The following are classified as essential sectors: 

  • Energy (electricity, district heating, oil, gas, and hydrogen) 
  • Transport (air, rail, water, and road) 
  • Banking (credit institutions) 
  • Financial market infrastructures (marketplaces) 
  • The health sector (healthcare providers and manufacturers of pharmaceuticals, etc.) 
  • Drinking and wastewater 
  • Digital infrastructure (including providers of cloud services, data centers, domain name systems (DNS), top-level domain registries (TLD) and public communication networks) 
  • Information and communication service providers (ICT services) 
  • Providers of managed services and managed security services 
  • Public administration  
  • Space  

The ‘important entities’ includes public and private entities within: 

  • Postal and courier services 
  • Waste management 
  • Manufacture, production, and distribution of chemicals 
  • Manufacture, processing, and distribution of food 
  • Production of i.a., electronics, machinery, and motor vehicles 
  • Providers of certain digital services (online marketplaces and search engines and social networking services) 
  • Research (higher education institutions and research institutions). 

If you are an entity that provides a service that is essential for the maintenance of critical societal and/or economic activities—for example, a transport company—you are, in the eyes of the law, classified as an “operator of essential services.” 

This classification will entail a lot of pressure on your technical and organizational structure and capabilities due to the extensive risk management security you are required by law to implement and maintain.

NIS2 Requirements, Risk Management, and Security Measures

The current NIS Directive requires the covered entities to take appropriate and proportionate technical and organizational measures to manage security risks and limit the damage in the event of a security incident. 

The NIS2 Directive continues this requirement and sets out additional requirements for appropriate security measures, which must now include as a minimum: 

  • Policies for risk analysis and information security 
  • Incident handling 
  • Business continuity, such as backup management and disaster recovery and crisis management 
  • Supply chain security, including supplier management/security 
  • Security in connection with the acquisition, development, and maintenance of network and information systems 
  • Policies and procedures for assessing the effectiveness of measures to manage cyber security risks 
  • Guidelines for basic ‘computer hygiene’ and cyber security training 
  • Policies for Use of Cryptography and Encryption 
  • Employee security, access control, and asset management 
  • Securing internal communication systems. 

Negotiating and Navigating the NIS2 Directive 

A dedicated backup and data management solution can help your organization implement resilient data protection and management services for your SaaS workloads, such as Microsoft 365 and Salesforce.

Keepit offers a suite of services for your SaaS data which can help you comply with the legal requirements of the NIS2 Directive with the overall goal of protecting your business continuity. 

However, you need to decide which functions are essential and determine how ready you are to maintain those critical functions after an emergency or a disruption—and finally allocate the available budget accordingly. Read our article: Data Compliance Makes Third-Party Security a Must. 

Governance 

With the NIS2 Directive, the governance provisions are tightened as the responsibility for violation of the NIS2 Directive is not only imposed on the legal entity but on the management itself. 

Thus, management must approve the risk management measures taken by the entity regarding cybersecurity and oversee implementation and maintenance. What’s key to a backup strategy? Read our blog post on the 3-2-1 backup rule here.

To ensure sufficient competencies, management members must regularly follow specific courses to obtain the necessary knowledge, insight, and skills to understand and assess cybersecurity risks and management practices and their impact on the entity’s operations.  

Supervision, Enforcement, and Sanctions 

According to the NIS2 Directive, the competent national authorities must oversee compliance with the directive’s security and notification requirements based on specific incidents—and the competent authorities are empowered to issue certain orders.

What Are the Costs of Non-compliance?

The competent authority can, among other things, issue warnings and orders and (particularly materially) temporarily suspend or request that a person with management responsibility (CEO or another senior member of management) be temporarily suspended from exercising management functions in the entity.

The NIS2 Directive also tightens the sanction options. In addition to having to ensure that violations are punished with sanctions that are effective, proportionate to the violation, and have a dissuasive effect, the competent authority in the Member States now has the concrete possibility to impose administrative fines if the entity does not comply with the directive’s requirements for risk management measures or reporting obligations.

The administrative fines are as follow: 

Essential entities – as a minimum – can be fined up to a maximum of 10 million EUR or 2% of the company’s total global annual revenue.

Important entities – as a minimum – can be fined up to a maximum of 7 million EUR or 1.4% of the company’s total global annual revenue. 

When Does It Begin? Timeline and Important Dates 

The EU member states will now have 20 months to transpose the new directive into national law. Want to know more about the important dates and the timeline surrounding NIS2 entering into force? Go to https://www.nis-2-directive.com/ to learn more about the important dates. 

What Are the Next Steps? Educate with Further Reading 

We recommend starting to educate yourself and your organization on the legal requirements and to start mapping for compliance gaps with the requirement for risk management and risk measures. You can read the EU Parliament briefing of the legislation here. 

For those wanting an in-depth look into the matter, the European Parliament has shared the full texts adopted regarding this proposal, which can be read in PDF format here

Beyond the NIS2 Directive, Keepit delivers a solid return on investment beyond the critical compliance requirements. Check out our post entitled “What’s the Return on Investment (ROI) of a cloud backup solution” here.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Keepit
At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud Keepit is a software company specializing in Cloud-to-Cloud data backup and recovery. Deriving from +20 year experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.

4 Keys to Consider When Evaluating Cloud Data Protection Tools

External Article by Keepit Staff

Keepit’s Chief Customer Officer (and frequent contributing author to the Keepit blog) Niels van Ingen has been featured in Solutions Review as part of their “Premium Content Series” written by industry experts. 

As a true veteran in the data protection and management space — not only from a product point of view but also from a customer and business development one — Niels covers what he finds are the most important elements to consider when evaluating cloud data protection offerings.

Those who work in IT disaster recovery understand that data is perhaps a business’ most valuable asset that needs protection all day, every day. Implementing a SaaS backup and recovery plan is essential for nearly every aspect of business operations, and those who have not made it a top priority are literally flirting with disaster.

To read the full article entitled ‘4 Keys to Consider When Evaluating Cloud Data Protection Tools’ on Solutions Review, click here.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Keepit
At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud Keepit is a software company specializing in Cloud-to-Cloud data backup and recovery. Deriving from +20 year experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.

Backup Strategy and the 3-2-1 Principle

Data loss comes in all sizes: small (individual files), medium (SharePoint site), and large (ransomware and disaster recovery). No matter the size of the loss of data, none of them are fun, and even the smallest of data loss events could leave you lacking your most critical data. That one spreadsheet or that one hard disk drive could have what you and your business rely on most – it’s not always something someone can “just create again” on a whim as data loss is indiscriminate in its impact. All data loss events negatively impact workflow, and all are risk and data protection concerns that ultimately are a business imperative. Proactive data protection through backup and data management is at the forefront of all of our minds—or at least should be. Now why is that? Years ago, the assumption prevailed that cloud services would “take care of everything” once you signed up for a cloud service, with backup being lumped in. But now, more than ever, as the awareness of shared responsibility models for SaaS applications grows which states it is the user who is responsible, it’s clear the onus is on you to have that backup strategy in place. That’s why the 3-2-1 backup rule—a principle established for on-premises infrastructure which requires multiple copies of backup data on different devices and in separate locations—is still relevant to today’s cloud-based infrastructures by providing essential data-protection guidelines.

Why Back Up Cloud SaaS Data, and Why Now?

Your data is critical to your business operations, and in many cases, maintaining control of and access to it is required by law. (Read more about how third-party security keeps companies in control of their data here.)

SaaS Shared Responsibility Model

Software-as-a-service providers have established documentation that clarifies the areas of responsibilities they have and also those responsibilities that are retained by the customer. Microsoft, well known for its Microsoft 365 SaaS offering, delineates the boundaries of shared responsibility in the cloud. While Microsoft does provide some degree of data protection, many people are not aware of the limitations of this protection. The short of it is that Microsoft does not provide suitable backup and restore functionality to customers. Learn more about why your M365 is not backed up (and how to fix it) in our in-depth article here.
And it’s not only Microsoft that has a shared responsibility for their SaaS services. Google (and backup files to Google drive) has what they refer to, almost ominously, as “shared fate” on Google cloud shared responsibilities. Likewise, Amazon Web Services (AWS) have their own shared responsibility model. It’s vital customers know and understand the extent of their agreement.

Risks to Data Security

In the days of on-premises backup, the only credible risks were acts of mother nature and hardware failure. That is, of course, if you ignore software issues. Lots of software (from firmware on RAID adapters to drivers to operating system filesystem implementations and the user applications) problems would cause data loss and a need for restore, from system level down to file level. (That’s one thing I don’t miss about the ‘90s.) However, in the cloud-computing era, the risks have evolved as much as the ways in which we create, share, and store data, so things are much more complicated now. With both the prevalence and penetration of ransomware, cybercrime, and not to mention the increased access users have in order to streamline collaboration interactions and boost productivity, data—the lifeblood of a company—has, in many ways, never been more susceptible to data loss, regardless of whether it’s international (malicious actors, ransomware, etc.) or unintentional (human error, accidental deletion). Sometimes going back to basics can be the place to start in developing or hardening security.

3-2-1 Backup Method

The 3-2-1 principle comes from the days of on-premises data storage. It is still commonly referenced today in the modern, cloud-computing area. Even though it isn’t directly applicable, word for word, to cloud data, this well-known and widely used principle can still be used today to guide security decision makers in their process of improving their security infrastructure against today’s data risks.
Roughly speaking, the 3-2-1 backup rule requires 3 copies of data, across two types of storage media, with one off-site copy stored.

What Is the Origin of the 3-2-1 Rule?

Backup and recovery solutions have existed since long before cloud computing. However, the methodologies have shifted due to the modernization of the infrastructures, behaviors, needs, and of course a lot more variables (but we won’t get into that here), which has resulted in some discrepancies between best-practice principles and their application to modern data infrastructures. This is also the case with the 3-2-1 backup rule, with the biggest change being the shift of how data is created and stored (or rather where). Formerly, production data was created on site and stored in on-premises hardware, alongside one backup copy, and the third being stored off premises and typically on tapes. ComputerWeekly has a feature on if the cloud has made 3-2-1 obsolete. In the cloud era, data is created in numerous places by remote workers in SaaS applications, where it is often transferred around the globe, and is stored “somewhere else” from a business’s physical office. More than likely, the extent of an answer to the question of “where is your data stored” is that it’s in the cloud. But is that backup? And what is true backup in the cloud?

How Does the Rule Apply to Cloud Backup?

We often see iterations of this backup principle in fancy infographics that almost forget to translate the rules to apply to the current scenarios. However, with a few tweaks, there’s plenty of relevant guidance that can help lead to a successful, modern, data security system.
Let’s look at the rules with a modern lens:

3 Copies of Your Data

The ‘3’ in the rule refers to the number of “copies of your data,” with one being the primary dataset in the production environment while the remaining two copies are backups. This is still applicable to modern data protection best practices.

2 Administrative Domains

As mentioned, the ‘2’ can be understood as “two administrative domains” so that copies are managed independently from the other or are stored within separate logical environments. You often see this written as “two types of media,” which is a relic from the on-prem past when it was made up of disks and tapes. Now, it’s about having copies across multiple disks and across two administrative domains so that one data-loss event cannot possibly—or is extremely unlikely to—impact all copies of the data. This is known as a logical gap. Without it, should there be a cloud-wide compromise (such as a breach) or data loss event of the cloud where your primary data lives, your data would not be available to you. One of the best-known examples of this is the Danish shipping giant Maersk and the infamous NotPetya cyberattack, dubbed “the most devastating cyberattack in history” in the full Wired story here. When working “in” the cloud, the building you are in isn’t of any real consequence to the data. Rather, it’s the cloud you are working in and storing data in that matters. In many regards, this step could envelop the step below, “1 copy external,” but in respect to the principle, it serves us here to keep it a separate consideration. Should there be a cloud-wide compromise or data loss event of the cloud where your primary data lives, your data would still be available to you by following the rule. Without doing so, you’ve lost access to your data (or even lost your data permanently), with an impact that has a massive potential for business disruption and costs (as in the case of Maersk).

1 Copy External

Formerly the ‘1 off-site storage copy,’ this still applies for the same reasons as it did in the past: You don’t want to store all of your data in the same exact location, and whether all are aware or not, the cloud is located in physical data centers. From the on-premises days, this meant literally having a copy of disks and/or tapes in a different location from your business in case someone, something, or some event with the power to destroy the building did so. Let’s call this the “in case of fire” step. In cloud computing, this means having a backup copy outside the cloud of the production environment and outside the administrative domain of the other backup. Remember, the cloud is ‘just’ physical data centers, so by working in the cloud, the centers you are storing your data in are of real importance to the data. What if the data center of the cloud you are working in is also the same data center that your backup cloud data is stored in? Should there be a data loss event at that center, all of your data would be at risk from that event. That’s bad.

Use Case: What would this look like in real life?

If, for example, you are working on a Microsoft Word document and you save it to OneDrive that has OneDrive Backup turned on, you’re totally protected, because it says “backup,” right? This is an example where the 3-2-1 principle still helps shed light on modern data protection in the cloud. By following the 3-2-1 rule above, one can deduct that this example isn’t backup (but neither is a lot of what SaaS providers offer as ‘backup’) because true backup requires a logical infrastructure separate from the primary data. As the “in case of fire” step requires, you must have one copy outside of the administrative domain. By working in and backing up OneDrive data to Microsoft’s cloud services, the data remains in the same administrative domain. What if something were to happen to Microsoft servers? You’d lose access to your primary data and the copies “backed up” since they all relied on the same cloud. What’s even worse is that since the backup is configured by “you” (i.e., the admin), a compromise of your account can unconfigure it, too. So, a simple case of ransomware could completely and automatically disable or work around such in-service protections—even leading to immediate backup data deletion. Keepit, on the other hand – aside from being separate (and therefore unlikely to be compromised at the same time by the same mechanism), as a dedicated backup solution – will actually protect even the administrator from quickly or immediately deleting backup data. In this respect, Keepit offers some of the most desirable features of “the tape in an off-site vault” in a modern cloud service solution.

Here’s how to use the 3-2-1 backup rule to ensure you’re covered: Independent cloud

If you’re interested in further reading, check out our e-Guide on SaaS data security for a thorough look into leading SaaS data security methodologies and how companies can raise the bar for their data protection in the cloud era. Convinced you need backup, but want to know more about data protection and management for your particular SaaS application, then explore how Keepit offers cloud data backup coverage for the main SaaS applications here.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Keepit
At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud Keepit is a software company specializing in Cloud-to-Cloud data backup and recovery. Deriving from +20 year experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.

Zero Trust: What Is It and How to Implement

Zero Trust and Data Security in Companies 
Due to the surge of ransomware attacks, the increased risks for data loss, and the continuous adverse effects cybercrime poses, many organizations have adopted the zero-trust principle to harden the security of their systems, thereby increasing their cyber resiliency.

Cyberattacks have become so ubiquitous that the Biden White House issued a statement urging American business leaders to strengthen their organization’s cybersecurity measures.

As it stands, GlobeNewswire reported that zero trust security is expected to reach a market value of $29 million USD by the end of 2022 and increase to US $118.7 billion by 2032. This significant growth in the coming decade comes from the value zero trust brings companies.

 

The simple fact is that business leaders are following its principles, like consistent monitoring and validation, because these principles help prevent data breaches and mitigate data loss.

This post will dive into what the zero principle is, as well as its capacity to tighten workplace data and security, effectively ushering in what Microsoft calls:

A new security model that more effectively adapts to the complexity of the modern environment, embraces the hybrid workplace, and protects people, devices, apps, and data wherever they’re located.

What are the cybercrime trends that zero trust can help curb?

One trend that’s risen in recent years is ransomware. Ransomware cripples businesses by locking their computer systems until a sum of money is paid. These attacks are expected to have a price tag of $265 billion USD annually by 2031, according to Cybersecurity Ventures.

With how easy it has become for ransomware gangs to deploy ransomware on a multinational scale, businesses need to deploy enhanced cybersecurity solutions to lessen system vulnerabilities, because “when it comes to ransomware attacks, it’s a matter of when, not if.” Read more from the Keepit blog article on how to prepare for ransomware.

It should come as no surprise that ransomware attacks can result in operational downtime. A Statista report stated that the average length of interruption after ransomware attacks is 20 days.

 

Even minor disruptions can decrease employee productivity, impede communications with clients—among other issues such as the significant fines Marriott faced—and impact business continuity. One might struggle to fully comprehend the serious implications that 20 days of downtime would have for businesses.

Zero trust, in a nutshell, is guided by the principle of ‘never trust, always verify.’

Why Zero Trust?

Zero trust, in a nutshell, is guided by the principle of “never trust, always verify.” It’s a modern security architecture which assumes that internal and external threats exist on the network at all times due to the pervasiveness of cybercrime. And as such, it requires all network users to undergo verification and validation processes before they can access the network resources.

Is zero trust really needed?

Generally, employees within a company access multiple networks simultaneously. There are many, many data exchanges between multiple user devices, across potentially numerous networks – of course, depending on the complexity of a company’s IT infrastructure.

 

This architecture boosts productivity through increased collaboration. However, this can come with a hidden risk when not following the zero-trust security model.

Zero trust use cases

What might that risk look like? Let’s suppose that one employee working on a single device is validated as “trusted.” But that device has become infected with malware by the user opening a dangerous email. (Learn how to identify a dangerous email.)

Since this user’s device was previously validated and is now assumed harmless, it still has access to all the users and networks as before being infected without having to provide or verify any credentials.

The result is unrestricted access to spread malware from this “trusted” device to other users within the network and to other devices within overlapping networks, allowing the malicious actor to expand their reach and damage, gaining access to more and more of a company’s business-critical data.

This example is the main reason zero trust architecture rejects assuming any device is safe. Rather, the system reduces risks through continuous authentication, thereby enhancing protection for your company’s network system by always verifying and authenticating. According to TechTarget:

This protects your organization in ways other models can’t. It stops malware from entering your network; gives remote workers more protection without affecting productivity; simplifies management of security operations centers with enhanced automation; and extends visibility into potential threats to improve proactive remediation and response.

TechTarget

How to Adopt Zero Trust  

According to a Microsoft zero trust business plan, “digital transformation forces re-examination of traditional security models.” And as such, there are many companies offering guidance. Microsoft alone has helped aid zero trust deployments in thousands of organizations with insightful (and practical) guides on how to adopt a zero-trust business plan.

Global cybersecurity leader Palo Alto Networks shares that there are three crucial steps you need to follow to deploy zero trust architecture in your business:

  1. Define your protected surface: Zero trust architecture can be costly and complicated. As such, identify your protected surface—including components like company applications and assets— rather than focusing on a large network area.

    If your business utilizes Microsoft 365, then you’ll know that documents, email, SharePoint data, and Teams chat must be secured against cyberattacks. Attackers can breach an account with access to the data or hijack your system admin, making it imperative to find a SaaS data backup solution that can maintain multiple backup copies with the needed granularity of data and metadata.

  2. Map your data flow: Plan your business’ flow of instructions and data as this will provide you with information on overlapping networks.

    For instance, where and in which formats is the data stored? If your employees utilize digital, desktop, mobile, or cloud, identify them so you can see how data is moved and shared.

  3. Design your architecture: Essentially, the network architecture should prevent unauthorized access to individuals who aren’t part of your company.

    This is especially relevant if you want to encrypt data before it moves to cloud storage devices. If you want to back up your company’s Microsoft 365 data, for instance, we offer blockchain-based encryption technology that guarantees your backups will remain immutable to ransomware threats and data loss. At Keepit, we also offer comprehensive coverage for M365 applications such as SharePoint, OneDrive, Groups and Teams, and Exchange Online.

Of course, implementation isn’t as simple as one, two, three: It involves a massive undertaking and a focused effort to implement and maintain. There are many, many other variables and considerations.

 

For instance, you can also adopt multi-factor authentication (MFA) and ensure use of updated devices.

  • MFA is especially relevant for companies who have stored their digital information on cloud computing systems. With MFA, you can prevent unauthorized users from accessing your organization’s resources.
  •  Similarly, encourage your workforce to update their devices with the latest firmware as this typically offers security patches for known vulnerabilities.

Continuously monitor your network and device attributes. Adopting zero trust architecture can prove futile if your workers do not audit and maintain a log for monitoring network traffic.

Do I still need to get backup for my SaaS data?

Ultimately, zero trust makes it much more difficult for external threats to gain access to an organization’s business-critical data – but not impossible. It also does not protect you against internal threats nor from human errors such as accidental overwrites and accidental deletions.

Data protection best practices tell us to always have a backup. That is a fundamental responsibility for you, the data creator and customer of a SaaS service like Microsoft 365, due to the well-documented yet often misunderstood shared responsibility model.  Securing an independent backup is still the best way to ensure 24/7 availability to your data.

With the offerings from specialized third-party backup and data management providers, peace of mind can be had quickly and from a cost-effective service. This is why Keepit was created: Your data, here today, here tomorrow.

Want backup now?

Learn more about Keepit’s SaaS data backup service offerings here.

If you’d like to explore more about backing up a particular SaaS workload like Microsoft 365, find the relevant Keepit blog posts below, as Keepit offers a suite of cloud SaaS data protection services:

  • Read our blog about why you need to back up M365
  • If you’re using Salesforce, read that blog article here
  • Why back up Active Directory (Azure) here
  • And for Google Workspace
  • Finally, read why to back up Zendesk here

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Keepit
At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud Keepit is a software company specializing in Cloud-to-Cloud data backup and recovery. Deriving from +20 year experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.