The very mention of data governance and compliance can send shivers down the spines of corporate IT professionals, particularly for those who recognize they aren’t ready to handle a major data breach or other situation that compromises mission-critical data.

The increased focus on data compliance creates even more headaches as state and federal regulations are constantly changing, adding more pressure to comply as a means to avoid a regulatory audit and the unpredictability of a public relations nightmare.

So, why is regulatory compliance so important?

The answers can vary from company to company but protecting mission-critical data is not only necessary for business continuity, failure to comply can lead to financial and legal exposure such as lawsuits, fines, settlements, certification losses, and data breaches. Some estimates say compliance failures cost businesses nearly $1.5 billion annually and growing.

If you believe data compliance won’t adversely affect your company, look at these real-world examples of what can happen:

• Target Corporation agreed to an $18.5 million settlement with 47 states for its 2013 holiday data breach where cybercriminals stole $40 million in credit and debit records.
• Uber’s sub-par handling of its 2016 data breach that impacted 57 million rider and driver accounts cost the company almost $150 million.
• Equifax lost over $575 million in 2017 when it failed to fix a critical vulnerability that compromised the financial and personal information of over 150 million individuals.
• Marriott International received a $124 million fine from the General Data Protection Agency in 2018 when a cyber incident dating back to 2014 containing over 338 million guest records came to light.

The Solution? Deploy a Third-Party Cloud Backup Service

For companies committed to minimizing or avoiding these risks, it pays to be nimble and prepared particularly since data backup and recovery are so inextricably linked to compliance. Think, for example, how difficult it would be to pass an audit with missing data. 

So, who is ultimately responsible for data backup and recovery? If you believe it’s your cloud service provider, think again.  You may be surprised to learn that most SaaS vendors don’t automatically back up data for long periods and lack critical, built-in security measures to protect data. While they may be able to back up some of your data during a breach incident, most lack the ability to quickly and easily recover your data and make it immediately accessible. 

That’s why third-party backup and recovery services like Keepit are your best bet to ensure business continuity, stay in compliance, and keep costs predictable. 

Part of what makes Keepit’s backup and recovery solution so effective is how we deploy blockchain technology, which makes it possible to achieve data immutability to meet increasing compliance standards without having costs skyrocket. 

Blockchain has gained market familiarity and acceptance in the cryptocurrency industry like Bitcoin and Ethereum because its hashing technology helps improve transparency and data security around distributed transactions.  

One of blockchain’s drawbacks with cryptocurrency, however, is authentication, which is slow and resource demanding. Keepit’s solution, on the other hand, features all the benefits of blockchain technology but is fast and doesn’t consume expensive resources. This, in turn, makes achieving compliance much easier and more convenient. 

How to Increase Your Focus on Compliance
So, what’s the fastest and most cost-effective third-party data protection your company can deploy? Enter the Keepit cloud. 

Because it is built on secure, blockchain-verified technology, Keepit ensures data remains immutable and tamperproof – always.  This is important for compliance because with immutable data and metadata, it’s possible to document and recover not just all data but all data processing, further ensuring that auditors have full visibility to everything that has impacted the data. 

Learn more about how Keepit can help your company quickly recover from any data loss event – even ransomware attacks – to keep your company’s data always secure, always available, and always compliant with the latest regulations.
Keepit is a dedicated backup and recovery service providing your company with secure cloud data backup for the core SaaS applications, including Microsoft 365, Salesforce, and Google Workspace. 

Ransomware attacks are on the rise — in the first half of 2021, the average amount paid by organizations to perpetrators of was $570,000, an increase of 171% over the previous year. (1)

Last year also saw a 93% increase in the overall number of ransomware attacks (2) – a trend that is only likely to continue. While such attacks were once limited to outlandish movie plots, they’ve become an all-too-real problem for organizations of all sizes. In fact, when it comes to ransomware attacks, it’s more likely to be a question of when, not if.

Our concern at Keepit is that the regularity of ransomware attacks may lead to them eventually being dismissed as just a cost of doing business. But by choosing to pay the ransoms demanded, companies are powering a vicious cycle where the proceeds fuel increased cybercrime. (And paying a ransom does not guarantee getting your data back, as documented in the report ‘The Long Road Ahead to Ransomware Preparedness’ from ESG)

It’s vital for the sake of commerce – and for society – that companies, governments, and law enforcement agencies come together to find long-term solutions to ransomware attacks.

In the short-term, we encourage companies to invest in a third-party backup and recovery service to minimize the threat posed by encrypted malware. The more secure your data is—and the quicker you’re able to recover it—the less worried you need to be about ransomware attacks.

At best, an attack won’t affect business continuity – it’ll just be a nuisance rather than a crisis. If you know your data is safe, you don’t have to pay the bad guys’ ransom. Problem solved.

Summing Up 

The disruptive power of ransomware attacks in 2022

An increasingly common threat, ransomware attacks are forecast to cost victims around $265 billion annually by 2031. (3) With conventional data recovery times often taking weeks or even months, the disruption to companies can be catastrophic in terms of financial costs to your business. But the damage goes beyond the bottom line. Additional impacts of ransomware attacks in 2022 are likely to include:

• Intellectual property cost – temporary or permanent loss of sensitive or proprietary information can be enormously damaging. 
• Business continuity – disruption is frustrating and costly as companies struggle to restore data and operations 
• Reputational cost – a ransomware attack can damage customer perception of the company and impact digital trust. 

Why Keepit is the answer

Keepit backs up to an independent cloud, separate from your SaaS vendor’s environment, which means your data can be accessed completely independent from SaaS application availability. True backup—immutable and tamperproof on a separate logical infrastructure — is your answer to ransomware attacks. 

 

For more details about Keepit’s dedicated SaaS data protection, read about our security on our website 

References

1. Research from Palo Alto suggests the average ransom in the first half of 2021 is $570,000 USD, an increase of 171% over the year prior; see Average Ransomware Payment Hits $570,000 in H1 2021 [Dark Reading] 
2. Research from Check Point reports that ransomware incidents increased 93% year over year; see Ransomware attacks increase dramatically during 2021 [Computer Weekly] 
3. https://cybersecurityventures.com/global-ransomware-damage-costs-predicted-to-reach-250-billion-usd-by-2031/

The top 3 misconceptions made by Google Workspace admins

If you’re wondering, “is my data truly protected by relying only Google Workspace’s default backup and recovery solution,” then you’re in the right place. Cloud applications, like Google Workspace, are an integral part of our daily life – we push data to the cloud constantly. I do it when I send an email on Gmail, share a document with coworkers via Drive, or add my mother-in-law’s birthday to my Google Calendar (better not forget it again!).

But is relying on Google’s default data protection enough? What are the main misconceptions when it comes to Google Workspace data backup and recovery?

Misconception #1: Relying on Google Workspace’s default data protection is enough

If you think Google apps is a secure platform, you’re right: Google platform is a secure, resilient, and reliable solution, and protecting data is their top priority.

As much as Google will likely never lose the data you are storing on their platform, they do not cover you if the data loss happens from your side. Google’s default data protection does not protect you against human error, malicious actions, ransomware and hackers, and synchronization errors. You are responsible for ensuring the necessary protection of your data.

Based on an Enterprise Strategy Group (ESG) survey, only 13% of the businesses surveyed understood that protecting their SaaS data is their responsibility, not the responsibility of the SaaS vendor.

According to ESG SaaS data protection research, 45% of organizations using SaaS attribute data losses they’ve experienced to deletion, whether accidental or malicious. When this happens with Google Workspace, Google is not able to identify if the deletion was intentional or not. The data will be deleted and totally unrecoverable once past Google Workspace trash bin’s retention time, a mere 30-days later.

You need a solid backup and recovery solution for your Google Workspace.

Misconception #2: I don’t need a third-party backup and recovery solution, I have Google Vault

As a subscribed user to certain editions of Google Workspace, you have access to Google’s retention and eDiscovery tool: Google Vault. With Vault, you can retain, hold, search, and export some users’ Google Workspace data.

Yet, Google Vault is not a backup tool. To this frequently asked question, “Is Vault a data backup or archive tool?” Google itself answers, “No. Vault isn’t designed to be a backup or archive tool.”

Based on Google’s own support website, here are reasons why you shouldn’t use Google Vault for backups:

• Vault exports aren’t designed for large-scale or high-volume data backups. You can export data for a limited number of accounts and only for one Google service at a time. Vault also doesn’t allow many parallel exports or scheduling automatic exports.
• Vault exports are prepared for legal discovery purposes, not efficient data processing. Vault can’t create differential backups or deduplicate data. For example, a Drive export includes all items the searched account has access to. When many accounts have access to the same items, they’re exported for each account, resulting in lots of duplicated data.
• Vault doesn’t support all Google services. Vault can export data only from supported Google services. Vault doesn’t support services such as Calendar for instance.
• Restoring data from Vault export files is hard. Vault doesn’t have any automated recovery tools.

Google Vault is not designed to recover lost or corrupted data and it cannot perform a which is a critical feature of any third-party backup and recovery tool.

Additionally, Google Vault does not keep ex-users’ data. For example, if an employee departs from your company and, as the admin, you delete his user Google Workspace account, all his data saved within their Vault will be also deleted. To save those data, it would require you to transfer all the employee’s data out of the Vault before deleting the account.

Misconception #3: A third-party tool can only help with backup data

By now, you know that backing up your Google Workspace data is your responsibility, not Google’s. It’s a common misconception that third-party backup solutions are a cost center purely performing secure backup and allowing for data recovery. These are the fundamentals, but there’s much more to it:

Benefit #1 – Cost savings

Budget constraints are making it harder than ever to implement new IT initiatives for IT Managers – They need to do more with less and maximize available resources.

Of course, deploying a backup and recovery solution for your SaaS applications comes with a cost, yet there are important (and substantial) cost-savings opportunities.

The first is through reduced SaaS licensing fees. Based on a recent Total Economic Impact report done by Forrester, companies save on months of SaaS licensing fees for employees who leave the organization – or around 10% of the work force per year. This number can be much higher if organizations use a lot of temporary staff or contractors. Having all historical data available simplifies data management and employee onboarding and offboarding.

The second is reduced auditing and legal costs. In the same TEI report, one of the organizations surveyed shared that seven days of auditor and lawyer costs are avoided each year by having SaaS data availability.

Benefit #2 – Regulatory compliance

Handling sensitive data is subject to stringent record retention and data reproduction requirements for all public records. With a proper backup and recovery solution, you can expect to:

• Gain access to fast information discovery
• Easy retention policy management
• Additional rights to ensure compliance with applicable outsourcing regulatory requirements (e.g., extended audit rights, chain-sourcing approval rights).

In addition, data center facilities leveraged to store the data have high physical security standards and certifications (ISO 27001, SOC-2, ISAE 3402, PCI/DSS, HIPAA). It is important that you ask your vendor what they offer regarding regulatory compliance and data center certifications when investigating which tool to deploy.

Benefit #3 – Real disaster recovery

Third-party backup and recovery solutions must (not should) allow you to perform disaster recovery. The shortlist of important points to look for when selecting your solution:

• Data availability: Get access to all your data, at any time, from anywhere. A proper backup solution provides you with unlimited storage, is cloud-based so you can always access your data, and it should reside on its own cloud for enhanced security and control.
• Hot storage of data: Get your data on demand
• Quick restore options for data: Restore fast, regardless of if it’s a single email or an entire point-in-time backup for your organization
• On-the-go backup status monitor: Get updated with a mobile admin app

Keepit Backup and Recovery for Google Workspace

Keepit for Google Workspace is the world’s only independent cloud dedicated to backup and recovery. It is easy to use and keeps your Google Workspace data highly secure, always available, and instantly restorable.

Keep your data available 24/7 with automatic backup and unlimited storage
Quickly find and restore data, whether you want to restore one single email or an entire snapshot for your organization.

Easy to set up, easy to use, easy to scale
Keepit is a set-and-forget installation that is easy to use: No training needed. You can integrate it with your existing system thanks to our API-first approach. No hidden fees, no surprises, and 24/7 support.

Choose the World’s only independent cloud for immutable data
Security is in our DNA. Once your data is backed up with Keepit, it is made immutable and undeletable thanks to blockchain-verified technology. It is a priority for us to provide you with excellent reliability, great backup and restore performance, instant access to individual files, multi-factor authentication, and data encryption at rest and in transit.

Learn more on our Google Workspace backup and recovery

What is eDiscovery?

Electronic discovery (sometimes known as eDiscovery, e-discovery) is one of those terms that means slightly different things in different contexts. 

For example, in legal spheres, eDiscovery involves identifying, preserving, collecting, processing, reviewing, and analyzing electronically stored information (ESI). The term also shows up in digital forensics, which focuses on identifying, preserving, collecting, analyzing, and reporting on digital information—clearly very similar, but not quite equivalent. 

In general, eDiscovery is the electronic aspect of identifying, collecting, and producing electronically stored information, such as emails, documents, databases, audio, and video files, and also includes metadata such as time-date stamps, file properties, and author and recipient information. In other words—regardless of the specific driving need—eDiscovery refers to finding and retrieving electronically stored ‘stuff’. 

Sounds easy enough, right? But as anyone who’s performed eDiscovery knows, today’s information-enabled organizations produce an awful lot of that stuff. In fact, the tendency for every single action we take to produce a digital trail led public-interest technologist Bruce Schneier to observe that “data is the exhaust of the information age” [Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, pg. 4].

Consequently, the sheer volume of electronically stored information makes eDiscovery a logistical challenge. Now, add in the time-specific nature of many requests—as in, needing to retrieve a file or record as it existed at a certain time on a certain date, a certain number of years ago—and the challenge becomes even greater. 

Beyond backup: enabling quick and simple eDiscovery

While the retention utilities included with software-as-a-service (SaaS) applications and cloud services may be adequate for retrieving something that’s a few weeks old, they certainly aren’t intended to provide—nor are they capable of providing—a substitute for long-term backup and the use cases it enables, including disaster recovery and eDiscovery.

To be resilient in the face of outages, compromises, and misconfigurations (or simply to find a crucial piece of information), your organization needs to be able to search and access SaaS and cloud data quickly and easily. Imagine the difference between a recovery mission aided by coordinates and a map versus a vague notion that someone is somewhere. 

Fortunately, with the right backup solution in place, eDiscovery really can be a breeze. Let’s look at a real-world example. 

ALPLA’s experience

With around 22,000 employees across 45 countries, ALPLA is one of the world’s leading manufacturers of high-quality plastic packaging.

The company’s rapid global expansion and cloud migration required an agile Microsoft 365 backup and recovery solution that could meet ALPLA’s need for 10-year data retention, and Keepit is proud to fulfill this need.

With other solutions, finding the right data to restore can be a tedious task, especially when very little information is provided by users—but Keepit’s unique and intelligent search features make it easy. In the words of Stefan Toefferl, Senior Data Center Engineer at ALPLA: “Keepit provides search filters that make eDiscovery simple, allowing us to quickly find and restore an exact file.”

One of the features most valued by ALPLA is the option to share a secure link to download a file, quickly getting the data back to the users. It’s features like this Public Links (40-second demo video) that makes Keepit more than just an ordinary backup and that helps our customers to become more efficient in their daily IT operations. Read more about the ALPLA customer case here.

Risk management in the digital age

The nature of backup and restoration is that you often don’t know when something might be needed: unexpected audits, legal discovery, cybersecurity incidents, or even an employee needing to recover something that they deleted years ago—these can all happen at any time.

That’s why truly managing risk requires a third-party backup solution that: 

• Protects users and groups by providing snapshot-based restoration and timeline-based comparative analysis 
• Preserves roles and permissions, with change tracking and straightforward comparisons 
• Enables compliance and eDiscovery, for instance by capturing audit and sign-in logs, supporting log analysis, ensuring long-term retention, and enabling restoration to another site 
• Accommodates growth into policies and devices by preserving device information and conditional access policies 

To help enterprises avoid disruption due to lost or inaccessible SaaS data, Keepit has architected a dedicated, vendor-neutral SaaS data backup solution that is resilient, secure, and easy to use.

You can see Keepit in action on our YouTube channel, or head to our services page to learn more about what we offer.  

We get asked this question often, and at face value, it’s easy to see how one could equate litigation hold with backup – both have something to do with ‘preserving’ data. However, the reality is that backup and litigation hold differ on many points, and any company that fails to understand the differences between them (and the utility of each) will eventually learn the repercussions the hard way. Let’s explore the key differences between litigation hold and backup.

What Is Litigation Hold?

The term ‘litigation hold’ comes from US case law (2003, Zubulake v. UBS Warburg) where the judge ruled: ‘once a party reasonably anticipates litigation, it must suspend its routine document retention/destruction policy and put in place a ‘litigation hold’ to ensure the preservation of relevant documents.’

In 2010, Microsoft introduced a litigation hold (sometimes referred to as legal hold) retention feature for Microsoft Exchange to support eDiscovery. The feature was intended primarily as a way of preserving data should there be a legal need to preserve it for access and viewing during a litigation. Think of it as being for documentation purposes, not as a way to restore data back in place to operating platforms like Microsoft 365.

Microsoft later added the ability to create what they call in-place holds, which are holds based on a query (such as “find all messages containing the phrase ‘Project Starburst’). The back-end implementation of litigation and in-place holds are slightly different; you can see more details in Microsoft’s documentation.

Let me say it again, slightly differently: Litigation hold wasn’t designed with the intention of serving as a backup service. Yet, some still try to rely on it as a backup solution, particularly to make ends meet when not having a designated data security plan (including a third-party backup solution), with the reasoning that “some sort of data preservation is better than none, right?”

However, there are many drawbacks and substantial risks associated with these types of setups that lead to a risky, false sense of data security. Some of the shortcomings and risks of relying on litigation hold as a backup are:

• Data storage quotas capped at only 110 GB
• Some eDiscovery features require additional-cost licenses; if you don’t buy the licenses, you can’t use the features
• User mailbox data is only kept while an Exchange Online license is assigned to the user. When a user leaves or becomes inactive, removing the license will eventually remove the data.
• Recovering data needs an administrator and is a time-consuming process
• The held data is not physically separate from the original copy

The bottom line is that you can’t depend on litigation hold or in-place holds as mechanisms for general-purpose recovery from mistakes or disasters. That’s not what they’re meant for, and you run the risk of losing data if you try to use them for that purpose.

What Is Backup?

Backup, by definition, provides one or more additional copies of your data, stored in a location physically separate from that of your primary dataset. Physical separation is a fundamental facet of backup, since storing your backup data in the same location as the primary data represents a single point of failure.  Effectively, there is no data redundancy in these types of setups.

With traditional on-premises backup, the physical separation rule meant having an off-premises backup stored in another building – so that in the event of a disaster, e.g. a fire in one building, would not destroy all your data. For cloud backup, it’s fair to ask ‘what cloud does my backup data go to?’ The answer is usually either ‘Microsoft Azure’ or ‘Amazon Web Services.’ Ideally, you want that data going to a cloud not operated by your SaaS application vendor (so, it wouldn’t be fair to put your Microsoft 365 data into Azure); otherwise, you’re violating the physical-separation rule.

Any service that is not providing this separation of copies is not—and should not be—considered a true backup.

At Keepit, we talk a lot about the ‘3 Ms’ that can cause data loss: mistakes made by people; mishaps at the SaaS application vendor; and malicious actions from inside or outside the organization.

Following data protection best practices, a properly executed backup scheme provides against all three of the Ms if anything should happen to the primary (original) dataset: malicious action in the form of a ransomware attack or a disgruntled employee; mistakes where someone with legitimate access accidentally deletes important data (or needs to back out changes they didn’t want to keep); and mishaps, where the service provider has an outage or data loss. Litigation holds can’t protect you against all 3 of the Ms: there’s no physical separation, limited ability to do large-scale restores, and no real concept of version control.

What to Look for In a Cloud SaaS Backup Solution

Besides the must-have features of data redundancy and availability, a worthy backup solution will offer a multitude of convenience and productivity-boosting tools and services, further distancing it from litigation hold. The first thing to look for is a solution that’s purpose-built for the cloud, not a refurbished or reskinned on-premises solution. Rather, a good, dedicated third-party backup solution.

Here are some of the key benefits to look for in a dedicated third-party backup solution:

• Simple, quick restoration of the data you need, when and where you need it, in the format you need it
• Direct restore from live storage, with no waiting for offline or near-line storage
• An intuitive interface for quickly and easily finding and previewing specific files or messages before storing them
• Secure, immutable storage in an independent cloud
• Flexible geographic storage options to cover your data sovereignty requirements
• A predictable and transparent cost model, with no hidden surprise charges for data ingress, egress, or storage

For more insight into data protection in the cloud era, get an in-depth look via the e-guide on Leading SaaS Data Security. Or, if you’d like to learn more about Keepit backup and recovery services for Microsoft 365, Salesforce, Google Workspace, and others, visit this page.