HYCU has identified a new niche: the background infrastructure configurations and resource settings of SaaS apps, which can be mission-critical and need to be protected. New regulations like DORA, which bring personal exec liability, will expand the SaaS app backup business.
SaaS users can use cloud services at many stages of their operation and application ecosystem, from build to run. These services can be used in infrastructure services, IT service management, software development, app management and DevOps, information security and compliance, data management and analytics, and collaborative work management. SaaS app services can work their way into mission-critical operations.

HYCU CEO Simon Taylor presented on this topic to an IT Press Tour audience in Boston. He said an example is AWS and its Lambda functions, with Lambda used for notifications of security events within an organization’s security unit: “Once you break a lambda function, it breaks the flow … We’re talking thousands of functions. All it takes is an intern cleaning up the wrong YAML files, and because you rely on the notification, you no longer get notifications of breaches.”
Another is “cloud formations. If you don’t back it up correctly, you can accidentally redeclare someone’s environment null … These are all little universes where people just take it for granted as a default service. They don’t realize that, when you ask an intern to ‘go clean this up,’ enormous damage can be caused … That’s where we’re seeing a lot of the issues come out.”
HYCU currently protects 86 SaaS applications and databases, with Taylor claiming: “We are the world’s number one SaaS data protection platform [and] we cover more than ten times the rest of the industry at large.” Protecting SaaS app infrastructure items is now becoming a visible need. “Configuration protection is one of the most under-served markets in backup,” he said.
Having realized that SaaS app infrastructure settings, like configurations, need protecting too, HYCU is adding new capabilities to its SaaS-protecting R-Cloud offering.
Taylor said: “Imagine things like GitHub, Bitbucket, and GitLab. What do they have in common? They all store your source code, a pretty important thing if you’re running a software company … When we started this process, people said, ‘Why would I back that up?’ We said, ‘Well, it’s your source code.’ And then you see the light bulb go off, and they’re like, ‘Oh my god, I’m not backing that up.’”
Another example: “There’s a customer, they actually leverage the assets in Jira Service Management for inventory. Yet if they delete those assets, they have actually deleted their inventory.”
“One last example, Jira product discovery … We use that ourselves, and you would be surprised at how critical that book comes within three weeks. It’s last year’s fastest growing application. Every single piece of feedback that your company has from a product development perspective now lives there. What if you lose that? You basically lost product management when you’ve done that, right?”
Subbiah Sundaram, SVP, Products, said HYCU’s aim is to protect the entire tech stack including IT tools and services.

He said HYCU is looking at providing cross-cloud regional mobility, citing a US federal customer request to provide VMware to Azure Government to AWS GovCloud to Microsoft Azure Stack HCI mobility. A financial customer wanted Nutanix to/from VMware to AWS and AWS zone, and to GCP and GCP zone. HYCU demonstrated its cross-cloud movement capabilities.
DORA and its consequences
HYCU is also providing data protection and residency for compliance with the European Union’s DORA and NIS2 regulations. DORA’s article 12 requires secure, physically and logically separated backup storage.

This has a possibly unexpected significance, HYCU says, in that the data needing to be backed up includes SaaS app data. Taylor said: “Now the government is mandating that [customers] have their own copy of the data. It’s not even about just backing up your data and recovering it for usage, etc. They now legally have to have a local copy. And what they have to start doing is asking their SaaS vendor, ‘Where am I supposed to get that from?’
“This is a game changer. So they must have to back up their Office 365, and show they have a copy, sure, but at least they can do that. What about Workday? What do they do when it’s Jira and they haven’t thought about backup? What do they do when the government comes and says, ‘Well, wait, where’s all your payroll data, right? Do you have that?’ Oh, those guys have not. That was before DORA. Now you legally have to have that.”
DORA is different from previous regulations: “The big difference here is that there’s personal liability. Now within DORA, this is no longer, oh, the company will pay the fine. Now the CIO, or the operating board member, is responsible for the fines and for personal prosecution.”
Taylor added: “In other ways, this is happening in the US. You know, regulators are starting to ask those questions of CISOs in particular. We spoke at a CISO forum recently, and you know, it was amazing to me, the fear in the world, fear, actual fear. Because, this time, the CISO community is now personally liable for some of these things.”
There’s a supply chain aspect to this: “If you supply to a [DORA-regulated] financial institution, you have to make sure you are compliant … The government is making sure everybody’s there, that the entire value chain is supported.”
HYCU is providing secure offsite storage for on-premises, cloud, and SaaS workloads. It already supports AWS S3, Google Cloud Storage, and Azure Blob, and is adding support for object storage from Dell, Cloudian, and OVHcloud.
With Commvault developing automation for the cloud application rebuild process and HYCU working on protecting the SaaS app background infrastructure components, the world of public cloud-delivered data protection is becoming more mature – both broader and deeper.